PT-2025-38623 · Unknown · Tandoor Recipes
M10X
·
Published
2025-09-19
·
Updated
2025-09-20
·
CVE-2025-57396
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Tandoor Recipes versions 2.0.0-alpha-1
Description
Tandoor Recipes 2.0.0-alpha-1 is susceptible to privilege escalation. This issue stems from a rework of the API, specifically within the User Profile
API Endpoint. The endpoint contains two boolean values that incorrectly indicate a user's staff or administrative status. This allows any user to elevate their privileges to the highest level.Recommendations
Update to Tandoor Recipes version 2.0.0-alpha-2 or later.
Exploit
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tandoor Recipes