Home

Description

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment.

PUBLISHED Reserved 2025-07-03 | Published 2025-12-03 | Updated 2025-12-03 | Assigner canonical




HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-269 Improper Privilege Management

Product status

Default status
unaffected

3.3.0 (semver) before 3.3.11
affected

3.4.0 (semver) before 3.4.9
affected

3.5.0 (semver) before 3.5.9
affected

3.6.0 (semver) before 3.6.2
affected

3.7.0 (semver)
unaffected

3.8.0 (semver)
unaffected

Credits

Jacopo Rota finder

References

bugs.launchpad.net/maas/+bug/2115714

cve.org (CVE-2025-7044)

nvd.nist.gov (CVE-2025-7044)