PT-2025-30913 · Unknown · Abnormal Security
Liamstrang
·
Published
2025-07-25
·
Updated
2025-07-25
·
CVE-2025-54596
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Abnormal Security versions prior to 2025-02-19
Description
The software contains an issue that allows downgrading the privileges of other user accounts. The issue is related to the
/v1.0/rbac/users v2/{USER ID}/ API endpoint, where USER ID is a vulnerable parameter.Recommendations
Update to a version released on or after 2025-02-19.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Abnormal Security