Canonical · MAAS · CVE-2025-7044
**Name of the Vulnerable Software and Affected Versions**
MAAS (affected versions not specified)
**Description**
An improper input validation issue exists in the user websocket handler. An authenticated, unprivileged attacker can intercept a `user.update` websocket request and modify the `is_superuser` property to true. The server does not properly validate this input, allowing the attacker to gain administrative privileges and full control over the MAAS deployment. The vulnerable component is the websocket handler responsible for processing `user.update` requests.
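The class of flaw described above, a server writing a client-supplied privilege field without authorising it, is shown here beside a per-field server-side check. This is an added example, not MAAS source code: the `User` model, the field sets, the sample message and both function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed policy for this sketch: what a user may edit on their own account,
# and which fields change privilege and need an existing administrator.
SELF_EDITABLE = frozenset({"email", "last_name"})
ADMIN_ONLY = frozenset({"is_superuser"})

# Constructed sample of a tampered request body (not captured traffic).
TAMPERED = {"method": "user.update",
            "params": {"id": 2, "email": "a@example.com", "is_superuser": True}}

@dataclass
class User:
    id: int
    username: str
    email: str = ""
    last_name: str = ""
    is_superuser: bool = False

class Forbidden(Exception):
    """Raised when a request asks for a change the requester may not make."""

def naive_update(requester: User, target: User, params: dict) -> User:
    # Flawed pattern: every client-supplied key is copied onto the record.
    for key, value in params.items():
        if key != "id" and hasattr(target, key):
            setattr(target, key, value)
    return target

def checked_update(requester: User, target: User, params: dict) -> User:
    # Authorise each field on the server before anything is written.
    fields = {k: v for k, v in params.items() if k != "id"}
    unknown = set(fields) - SELF_EDITABLE - ADMIN_ONLY
    if unknown:
        raise Forbidden(f"unknown fields: {sorted(unknown)}")
    if not requester.is_superuser:
        if requester.id != target.id:
            raise Forbidden("cannot edit another user")
        if set(fields) & ADMIN_ONLY:
            raise Forbidden("admin-only field in request")
    if not isinstance(fields.get("is_superuser", False), bool):
        raise Forbidden("is_superuser must be a boolean")
    for key, value in fields.items():
        setattr(target, key, value)
    return target
```

Because `checked_update` rejects the whole request before writing anything, a refused message leaves the record unchanged and gives a single event to log and alert on.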
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.