SysReptor Susceptible to Privilege Escalation by Authenticated Users_CVE-2025-59945

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.

Basic Information

ID CVE-2025-59945

Source GitHub_M

Published Sep 27, 2025 at 01:01

Affected Product

Vendor Syslifters

Product sysreptor

Version >= 2024.74, < 2025.83

Affected Versions Syslifters sysreptor >= 2024.74, < 2025.83

CWE Classification

CWE-266

References

{
    "lastseen": "",
    "description": "SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.",
    "published": "2025-09-27T01:01:52.330Z",
    "modified": "2025-09-27T01:01:52.330Z",
    "type": "cve",
    "title": "SysReptor Susceptible to Privilege Escalation by Authenticated Users",
    "source": "GitHub_M",
    "references": "https://github.com/Syslifters/sysreptor/security/advisories/GHSA-r6hm-59cq-gjg6\nhttps://github.com/Syslifters/sysreptor/commit/de8b5d89d0644479ee0da0a113c6bcc2436ba7f4",
    "id": "CVE-2025-59945",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "Syslifters sysreptor >= 2024.74, < 2025.83",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "sysreptor",
    "version": ">= 2024.74, < 2025.83",
    "vendor": "Syslifters",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}