CVE-2025-58386
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| terminalfour | terminalfour | 8.0 |
| terminalfour | terminalfour | 8.4.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Terminalfour versions 8 through 8.4.1.1 where the userLevel parameter in the user management function lacks proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts or invite a new lower-privileged account and escalate its privileges. Additionally, the Power User can change the target account's password, gaining full control over it.
How can this vulnerability impact me? :
The vulnerability allows a Power User to escalate privileges to Administrator by modifying user roles and passwords. This can lead to unauthorized full control over accounts, potentially compromising system integrity, confidentiality, and availability.