PT-2025-48739 · Unknown · Terminalfour

Published: 2025-12-02 · Updated: 2025-12-19 · CVE-2025-58386

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Terminalfour versions 8 through 8.4.1.1

Description: The userLevel parameter within the user management function lacks sufficient server-side authorization checks. A Power User can manipulate this parameter to assign the Administrator role to existing lower-privileged accounts or new accounts, effectively escalating privileges. This manipulation also allows the Power User to change the target account's password, gaining full control. The vulnerable parameter is userLevel.

Recommendations: Versions prior to 8.4.1.1 should be updated.
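
The missing check described above, shown as an added illustration (not Terminalfour code and not taken from the advisory): an unchecked user-update handler beside one that authorises the request server-side. The `Contributor` role, the numeric ranks, and all function and field names other than `userLevel` are assumptions made for the example.

```python
import hashlib
import os
from dataclasses import dataclass

# Assumed ordering; only "Power User" and "Administrator" come from the advisory.
RANK = {"Contributor": 1, "Power User": 2, "Administrator": 3}

@dataclass
class Account:
    name: str
    user_level: str
    password_hash: str = ""

class Forbidden(Exception):
    """Raised when the caller is not allowed to make the requested change."""

def hash_pw(password: str) -> str:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return f"{salt.hex()}:{digest.hex()}"

def apply(target: Account, form: dict) -> Account:
    target.user_level = form.get("userLevel", target.user_level)
    if "password" in form:
        target.password_hash = hash_pw(form["password"])
    return target

def update_user_unchecked(actor: Account, target: Account, form: dict) -> Account:
    """'Before': the submitted userLevel is applied without asking who sent it."""
    return apply(target, form)

def update_user_checked(actor: Account, target: Account, form: dict) -> Account:
    """'After': authorise the whole request first, then apply it.
    `actor` is the session-authenticated account, never a request field."""
    requested = form.get("userLevel", target.user_level)
    if requested not in RANK:
        raise Forbidden("unknown userLevel")
    if actor.user_level != "Administrator":
        actor_rank = RANK[actor.user_level]
        # A non-admin may only edit accounts ranked below their own...
        if RANK[target.user_level] >= actor_rank:
            raise Forbidden("target account is not below the caller")
        # ...and may only grant levels below their own.
        if RANK[requested] >= actor_rank:
            raise Forbidden("requested userLevel is not below the caller")
    return apply(target, form)
```

Because every check runs before `apply`, a rejected request changes neither the role nor the password of the target account.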

Fix

LPE

Improper Authorization

Weakness Enumeration

Related Identifiers: CVE-2025-58386

Affected Products: Terminalfour