High severity7.5NVD Advisory· Published Mar 7, 2025· Updated Apr 15, 2026
CVE-2025-27822
CVE-2025-27822
Description
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the "Masquerade as user" permission.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.x-1.0.1+ 1 more
- (no CPE)range: <1.x-1.0.1
- (no CPE)range: < 1.x-1.0.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.