CVE-2025-59945

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-59945

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59945.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-59945

Aliases

GHSA-r6hm-59cq-gjg6

Published

2025-09-27T01:01:52.330Z

Modified

2026-04-02T12:58:35.375467Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

SysReptor Susceptible to Privilege Escalation by Authenticated Users

Details

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59945.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-266"
    ]
}

References

Affected packages

Git / github.com/syslifters/sysreptor

Affected ranges

Type: GIT
Repo: https://github.com/syslifters/sysreptor
Events: Introduced

966c805349705f8e15b44cac072c7a318f9b2d18

Fixed

982a341706b7e676eced5e623f4182d93312b674

Affected versions

2024.*

2024.74

2024.79

2024.81

2024.91

2024.96

2025.*

2025.12

2025.20

2025.25

2025.29

2025.37

2025.4

2025.43

2025.50

2025.56

2025.64

2025.69

2025.74

2025.80

2025.81

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59945.json"