Executive Summary

CVE-2025-57396 is a privilege escalation vulnerability in Tandoor Recipes version 2.0.0-alpha-1. Due to a rework of the API, the User Profile API endpoint exposed two boolean fields, `is_staff` and `is_superuser`, which indicate staff and administrative privileges. These fields were modifiable by any user, allowing a regular user to escalate their privileges to staff or admin by setting these fields to true. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows any user of Tandoor Recipes 2.0.0-alpha-1 to escalate their privileges to staff or administrative levels without authorization. This could lead to unauthorized access to sensitive functions, data manipulation, or control over the application, potentially compromising the security and integrity of the system. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if users are able to modify the `is_staff` and `is_superuser` boolean fields in the User Profile API endpoint. You can test this by sending an API request to update your user profile with these fields set to true and observing if the privilege escalation occurs. For example, using curl: `curl -X PATCH https://your-tandoor-instance/api/user/profile/ -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' -d '{"is_staff": true, "is_superuser": true}'`. If the request succeeds and your privileges escalate, the system is vulnerable. [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Tandoor Recipes to version 2.0.0-alpha-2 or later, where the issue has been fixed. Additionally, review and restrict API access controls to ensure that boolean privilege fields like `is_staff` and `is_superuser` cannot be modified by unauthorized users. Implement continuous security checks especially after API changes to detect such issues early. [1]

Useful 0 Not Useful 0