← Retour aux CVEs
CVE-2025-59308
MEDIUM4.7
Description
In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role.
Details CVE
Score CVSS v3.14.7
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisHIGH
Interaction utilisateurNONE
Publie4/24/2026
Derniere modification4/24/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-284
References
https://mahara.org(cve@mitre.org)
https://mahara.org/interaction/forum/topic.php?id=9851(cve@mitre.org)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.