Medium severity4.3NVD Advisory· Published Oct 10, 2025· Updated Apr 15, 2026
CVE-2025-62292
CVE-2025-62292
Description
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
Affected products
1- Range: <25.6, <2025.3 Commercial, <2025.1.3 LTA
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.