8.1

CVE-2025-59945

EPSS 0.03%
Veröffentlicht 27.09.2025 01:15:44
Zuletzt bearbeitet 11.12.2025 21:18:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Syslifters ≫ Sysreptor Version >= 2024.74 < 2025.83

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://github.com/Syslifters/sysreptor/commit/de8b5d89d0644479ee0da0a113c6bcc2436ba7f4

Patch

https://github.com/Syslifters/sysreptor/security/advisories/GHSA-r6hm-59cq-gjg6

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59945

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59945

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59945

EUVD