PT-2025-39701 · Sysreptor · Sysreptor
Published 2025-09-27 · Updated 2025-12-11 · CVE-2025-59945
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
SysReptor versions 2024.74 through 2025.82
Description
Authenticated, unprivileged users can assign the "is project admin" permission to themselves, granting them unauthorized access to read, modify, and delete pentesting projects they are not members of. This allows access to projects that users should not be able to access.
Recommendations
Update to version 2025.83 or later.
Exploit
Fix
LPE
Incorrect Privilege Assignment
Weakness Enumeration
Related Identifiers
Affected Products
Sysreptor