CVE-2025-59308
MEDIUM 4.7
Description
In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role.
CVE Details
CVSS v3.1 score: 4.7
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: HIGH
User interaction: NONE
Published: 4/24/2026
Last modified: 4/24/2026
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-284
References
https://mahara.org (cve@mitre.org)
https://mahara.org/interaction/forum/topic.php?id=9851 (cve@mitre.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.