← Back

CVE-2025-59945

nvd nist
Published: Sep 27, 2025Modified: Dec 11, 2025

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: security-advisories@github.com (Secondary)

Description

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.

Affected (1)

Syslifters
1 product
Sysreptor
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Sysreptor
From 2024.74 to 2025.83

Related CWEs

CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (2)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Vendor Advisory

Timeline

No history available yet.