CVE-2025-62730

High CVSS: 8.7

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this role to escalate to admin privileges. This issue affects both Bulk Update functionality and regular edition of user's right and privileges.

This issue was fixed in version 1.55.

Vendor

Soplanning

Product

Soplanning

CWE

CWE-863

Yayın Tarihi

2025-11-20 16:16:00

Güncelleme

2025-11-24 13:53:07

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-863 Soplanning HIGH Soplanning 2025

Referanslar

https://cert.pl/en/posts/2025/11/CVE-2025-62293 https://www.soplanning.org/en/

Benzer Kayıtlar

Medium

CVE-2025-62731

SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is…

Medium

CVE-2025-62293

SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Statu…

High

CVE-2025-62294

SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recov…

Medium

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject ar…

Medium

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitra…

Medium

CVE-2025-62297

SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitr…