PT-2025-48172 · Oneuptime · Oneuptime

Published

2025-11-25

Updated

2026-03-10

CVE-2025-66028

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 8.0.5567

Description OneUptime, a service monitoring solution, contains a flaw that allows for privilege escalation. By altering the isMasterAdmin parameter within the login response, an attacker can potentially gain access to the admin dashboard. While access to data may still be restricted based on existing permissions, the ability to reach the administrative interface is compromised. The affected API endpoint is the login process.

Recommendations Update to version 8.0.5567 or later.

Exploit

Fix

LPE

Incorrect Authorization

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-284

Related Identifiers

CVE-2025-66028

GHSA-675Q-66GF-GQG8

Affected Products

Oneuptime

PT-2025-48172 · Oneuptime · Oneuptime

CVE-2025-66028

Weakness Enumeration

Related Identifiers

Affected Products

References · 12