CVE-2025-54596 MEDIUM

CVE-2025-54596

Vendor Abnormal Ai
Product Abnormal Security
Weakness CWE-863 · Incorrect authorization
Published July 25, 2025
Last update July 25, 2025
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.

Key dates

02Disclosure timeline

July 25, 2025 CVE published
July 25, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2020-5418 Cloud Controller allows users with no roles to list droplets CVE-2025-1418 Information disclosure in Proget MDM CVE-2026-34972 OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision CVE-2024-13270 Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034 CVE-2026-41350 OpenClaw < 2026.3.31 - Session Visibility Bypass via session_status in Unsandboxed Invocations