Unrated severityNVD Advisory· Published Nov 20, 2025· Updated Nov 20, 2025
Privilege Escalation via Incorrect Authorization in SOPlanning
CVE-2025-62730
Description
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this role to escalate to admin privileges. This issue affects both Bulk Update functionality and regular edition of user's right and privileges.
This issue was fixed in version 1.55.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.55+ 1 more
- (no CPE)range: <1.55
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
2- cert.pl/en/posts/2025/11/CVE-2025-62293mitrethird-party-advisory
- www.soplanning.org/en/mitreproduct
News mentions
0No linked articles in our index yet.