CVE-2025-59945 HIGH

CVE-2025-59945: SysReptor Susceptible to Privilege Escalation by Authenticated Users

Vendor Syslifters
Product sysreptor
Weakness CWE-266
Published September 27, 2025
Last update September 29, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged (non-admin) users can assign the is_project_admin permission to their own user. This allows users to read, modify and delete pentesting projects they are not members of and are therefore not supposed to access. This issue has been patched in version 2025.83.

Key dates

02Disclosure timeline

September 27, 2025 CVE published
September 29, 2025 Record updated