CVE-2025-57396
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-10-03
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tandoor | recipes | 2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57396 is a privilege escalation vulnerability in Tandoor Recipes version 2.0.0-alpha-1. Due to a rework of the API, the User Profile API endpoint exposed two boolean fields, `is_staff` and `is_superuser`, which indicate staff and administrative privileges. These fields were modifiable by any user, allowing a regular user to escalate their privileges to staff or admin by setting these fields to true. [1]
How can this vulnerability impact me?
This vulnerability allows any user of Tandoor Recipes 2.0.0-alpha-1 to escalate their privileges to staff or administrative levels without authorization. This could lead to unauthorized access to sensitive functions, data manipulation, or control over the application, potentially compromising the security and integrity of the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if users are able to modify the `is_staff` and `is_superuser` boolean fields in the User Profile API endpoint. You can test this by sending an API request to update your user profile with these fields set to true and observing if the privilege escalation occurs. For example, using curl: `curl -X PATCH https://your-tandoor-instance/api/user/profile/ -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' -d '{"is_staff": true, "is_superuser": true}'`. If the request succeeds and your privileges escalate, the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Tandoor Recipes to version 2.0.0-alpha-2 or later, where the issue has been fixed. Additionally, review and restrict API access controls to ensure that boolean privilege fields like `is_staff` and `is_superuser` cannot be modified by unauthorized users. Implement continuous security checks especially after API changes to detect such issues early. [1]
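The answers above describe a mass-assignment defect (privilege flags exposed as writable fields on a self-service endpoint) and the fix (make them read-only), and suggest looking for requests that try to write those fields. The following is an added example, not Tandoor's code: a framework-free model of a profile-update handler in its defective and hardened forms, plus a small detector that scans API access-log lines for writes to `is_staff` / `is_superuser`. The field names come from the advisory; the `/api/user/profile/` path, the `User` class, the `update_profile_*` and `find_privilege_writes` functions, and the log-line format are assumptions made for the example.

```python
"""Added example (not Tandoor Recipes' code): models the mass-assignment
defect behind CVE-2025-57396, its hardened counterpart, and a log detector.
Field names is_staff / is_superuser are from the advisory; the endpoint
path, log format and sample data below are constructed for this example."""

import json
import re
from dataclasses import dataclass

# Flags that carry privilege and must never be client-writable on a
# self-service profile endpoint. Role changes belong on an admin-only path.
PRIVILEGE_FIELDS = frozenset({"is_staff", "is_superuser"})
# Ordinary profile attributes a user may legitimately edit.
PROFILE_FIELDS = frozenset({"username", "first_name", "last_name", "email"})


@dataclass
class User:
    username: str
    email: str = ""
    first_name: str = ""
    last_name: str = ""
    is_staff: bool = False
    is_superuser: bool = False


def update_profile_vulnerable(actor: User, payload: dict) -> User:
    """Defective pattern: every serializer field is writable, so a regular
    user can set their own privilege flags (the CVE-2025-57396 behaviour)."""
    for key, value in payload.items():
        if key in PROFILE_FIELDS | PRIVILEGE_FIELDS:
            setattr(actor, key, value)
    return actor


def update_profile_hardened(actor: User, payload: dict) -> tuple[User, list[str]]:
    """Hardened pattern: privilege flags are read-only here. Unknown and
    privileged keys are dropped; rejected privileged keys are returned so the
    caller can log the attempt (the equivalent of DRF read_only_fields)."""
    rejected = []
    for key, value in payload.items():
        if key in PRIVILEGE_FIELDS:
            rejected.append(key)
            continue
        if key in PROFILE_FIELDS:
            setattr(actor, key, value)
    return actor, rejected


# Constructed access-log format: "<ip> <user> "<METHOD> <path>" <status> body=<json>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) body=(?P<body>.*)$'
)
WRITE_METHODS = frozenset({"PATCH", "PUT", "POST"})


def find_privilege_writes(log_lines):
    """Return (user, path, touched_fields, status) for every write request to
    the profile endpoint whose JSON body names a privilege flag. A 2xx status
    on such a request is the signal that the instance accepted the change."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["method"] not in WRITE_METHODS or not m["path"].startswith("/api/user/profile"):
            continue
        try:
            body = json.loads(m["body"])
        except json.JSONDecodeError:
            continue  # empty or non-JSON body: nothing to inspect
        if not isinstance(body, dict):
            continue
        touched = sorted(PRIVILEGE_FIELDS & set(body))
        if touched:
            hits.append((m["user"], m["path"], touched, int(m["status"])))
    return hits


# Constructed sample log lines for the detector.
SAMPLE_LOG = [
    '10.0.0.5 alice "PATCH /api/user/profile/" 200 body={"first_name": "Alice"}',
    '10.0.0.9 bob "PATCH /api/user/profile/" 200 body={"is_staff": true, "is_superuser": true}',
    '10.0.0.9 bob "GET /api/recipe/" 200 body=',
    '10.0.0.7 carol "PUT /api/user/profile/7/" 200 body={"email": "c@example.org", "is_staff": true}',
]

if __name__ == "__main__":
    victim = update_profile_vulnerable(User("bob"), {"is_superuser": True})
    print("vulnerable handler -> is_superuser:", victim.is_superuser)
    safe, rejected = update_profile_hardened(User("bob"), {"is_superuser": True})
    print("hardened handler  -> is_superuser:", safe.is_superuser, "rejected:", rejected)
    for hit in find_privilege_writes(SAMPLE_LOG):
        print("privilege write attempt:", hit)
```

On a real deployment the same idea applies at the serializer: declare the privilege flags in `read_only_fields` (or omit them from the self-service serializer entirely) and log any incoming payload that names them; a 2xx response to such a request in the access log is the detection signal the answer above describes.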