Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 3, 2025
CVE-2025-58386
CVE-2025-58386
Description
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lower-privileged account and escalate its privileges. While manipulating this request, the Power User can also change the target account's password, effectively taking full control of it.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: >=8, <=8.1.1.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.