Description

Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.

PUBLISHED Reserved 2025-07-25 | Published 2025-07-25 | Updated 2025-07-25 | Assigner mitre




MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-863 Incorrect Authorization

Product status

Default status: unaffected

1.0 (custom) before 2025-02-19: affected

References

bugcrowd.com/...c-validation-on-api-requests-user-management

cve.org (CVE-2025-54596)

nvd.nist.gov (CVE-2025-54596)
