CVE-2025-57396

MEDIUM EPSS 12.7%
Published Sep 19, 20259mo ago · Modified Jun 17, 20262w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Sep 19, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escalate their privileges to the highest level.

CVSS Details

Base Score
6.5
Exploitability
3.9
Impact
2.5
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
12.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

Affected Products 1

VendorProductVersionRange
tandoorrecipes2.0.0any

References 1

  • m10x.de https://m10x.de/posts/2025/08/continuous-checks-are-important-privilege-escalation-in-tandoor-recipes/
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.