HomeDefault status
unaffected
Any version
affected
Description
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.
Problem types
CWE-287 Improper Authentication - Generic
Product status
Any version
Credits
barcrange (3l4)