PT-2025-48821 · Canonical · Maas

Jacopo Rota · Published 2025-12-03 · Updated 2025-12-08 · CVE-2025-7044

CVSS v3.1: 7.7 High
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
MAAS (affected versions not specified)

Description
An improper input validation issue exists in the user websocket handler. An authenticated, unprivileged attacker can intercept a user.update websocket request and modify the is_superuser property to true. The server does not properly validate this input, allowing the attacker to gain administrative privileges and full control over the MAAS deployment. The vulnerable component is the websocket handler responsible for processing user.update requests.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
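
The flaw class in the description, as an added Python example (not MAAS source code and not part of the advisory): an update handler that copies every client-supplied field, beside one that authorizes each field on the server before writing. The User class, the field sets and the function names are hypothetical; only the is_superuser property and the user.update scenario come from the advisory.

```python
# Added illustration; NOT MAAS source code. All names here are hypothetical.
from dataclasses import dataclass

# Fields a user may change on their own account (assumed set for the example).
SELF_EDITABLE = frozenset({"email", "last_name"})
# Fields that change privilege; only an existing superuser may set them.
ADMIN_ONLY = frozenset({"is_superuser"})


class Forbidden(Exception):
    """Raised when a request tries to change something the caller may not."""


@dataclass
class User:
    id: int
    email: str = ""
    last_name: str = ""
    is_superuser: bool = False


def update_unvalidated(caller, target, params):
    """Weak form: trusts the client and copies every supplied key."""
    for key, value in params.items():
        if key != "id" and hasattr(target, key):
            setattr(target, key, value)
    return target


def update_validated(caller, target, params):
    """Hardened form: authorize every field server-side before any write."""
    changes = {k: v for k, v in params.items() if k != "id"}
    unknown = set(changes) - SELF_EDITABLE - ADMIN_ONLY
    if unknown:
        raise Forbidden(f"unknown fields: {sorted(unknown)}")
    if not caller.is_superuser:
        if target.id != caller.id:
            raise Forbidden("cannot edit another user")
        if set(changes) & ADMIN_ONLY:
            raise Forbidden("privilege fields require a superuser")
    if not isinstance(changes.get("is_superuser", False), bool):
        raise Forbidden("is_superuser must be a boolean")
    for key, value in changes.items():
        setattr(target, key, value)
    return target
```

The rejection path in update_validated is also the natural place to emit an audit log entry, since a non-superuser sending a privilege field is not something a normal client does.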

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2025-7044

Affected Products: Maas