QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-66385

Back to search

CVE-2025-66385

Published: Nov 28, 2025

Modified: Nov 28, 2025

PUBLISHED

Description

UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields in the edit request.

VendorProductVersions

cerebrate-project

Cerebrate

affected
0 - < 1.30

Weaknesses (CWE)

CWE-472

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now