CVE-2025-62730 HIGH

CVE-2025-62730: Privilege Escalation via Incorrect Authorization in SOPlanning

Vendor Soplanning
Product SOPlanning
Weakness CWE-863 · Incorrect authorization
Published November 20, 2025
Last update November 20, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

SOPlanning is vulnerable to Privilege Escalation in the user management tab. Users with the user_manage_team role are allowed to modify the permissions of users. However, they are able to assign administrative permissions to any user, including themselves. This allows a malicious authenticated attacker with this role to escalate to admin privileges. This issue affects both the Bulk Update functionality and the regular editing of a user's rights and privileges. This issue was fixed in version 1.55.
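The missing control described above is a server-side check on which rights a delegated manager may change, applied identically to the single-edit and bulk-update paths. The sketch below is an added example, not SOPlanning's code and not a description of how version 1.55 fixed the issue; apart from `user_manage_team`, every right name, function and account in it is a hypothetical placeholder.

```python
# Added illustration, not SOPlanning code. Only "user_manage_team" comes from
# the advisory; every other right name and function here is hypothetical.
ADMIN_RIGHTS = frozenset({"admin_all"})
DELEGABLE_BY_TEAM_MANAGER = frozenset({"planning_view", "tasks_edit"})


class Forbidden(Exception):
    """Raised when the actor is not allowed to make the requested change."""


def authorize_rights_change(store, actor_id, target_id, requested):
    """Server-side check shared by the single-edit and bulk-update paths."""
    actor = frozenset(store[actor_id])
    current = frozenset(store[target_id])
    if actor & ADMIN_RIGHTS:
        return  # administrators are unrestricted in this model
    if "user_manage_team" not in actor:
        raise Forbidden("actor may not manage users")
    if actor_id == target_id:
        raise Forbidden("a delegated manager may not edit their own rights")
    if current & ADMIN_RIGHTS:
        raise Forbidden("a delegated manager may not edit an administrator")
    # Only rights being added or removed matter; untouched ones pass through.
    changed = frozenset(requested) ^ current
    blocked = changed - DELEGABLE_BY_TEAM_MANAGER
    if blocked:
        raise Forbidden("non-delegable rights in change: %s" % sorted(blocked))


def update_user_rights(store, actor_id, target_id, requested):
    authorize_rights_change(store, actor_id, target_id, requested)
    store[target_id] = set(requested)


def bulk_update_rights(store, actor_id, target_ids, requested):
    # Authorize every target before writing anything, so a rejected entry
    # cannot leave the batch half applied.
    for target_id in target_ids:
        authorize_rights_change(store, actor_id, target_id, requested)
    for target_id in target_ids:
        store[target_id] = set(requested)


def sample_store():
    """Constructed sample accounts for the demonstration."""
    return {"root": {"admin_all"}, "tm": {"user_manage_team"},
            "bob": {"planning_view"}, "eve": set()}
```

Because both entry points call the same `authorize_rights_change`, a rule added for one path cannot be forgotten on the other, which is the failure pattern the advisory describes.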

Key dates

02 Disclosure timeline

November 20, 2025 CVE published
November 20, 2025 Record updated