CVE-2025-62730

Source
https://cve.org/CVERecord?id=CVE-2025-62730
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62730.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-62730
Published
2025-11-20T16:16:00.180Z
Modified
2026-03-13T03:40:37.658958Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

SOPlanning is vulnerable to privilege escalation in the user management tab. Users with the usermanageteam role are allowed to modify the permissions of users. However, they are able to assign administrative permissions to any user, including themselves. This allows a malicious authenticated attacker with this role to escalate to admin privileges. This issue affects both the Bulk Update functionality and regular editing of a user's rights and privileges.

This issue was fixed in version 1.55.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.55.00"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62730.json"