CVE-2025-48695

Name of the Vulnerable Software and Affected Versions CyberDAVA versions prior to 1.1.20

Description A privilege escalation issue allows a low-privileged user to escalate their privilege by abusing the API endpoint "/api/v2/users/user//role/ROLE/" due to the lack of access control, potentially achieving admin access.

Recommendations For versions prior to 1.1.20, update to version 1.1.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/api/v2/users/user//role/ROLE/" API endpoint to minimize the risk of exploitation.