CVE-2025-62730 — HIGH (8.8)

Q: How severe is CVE-2025-62730?

CVE-2025-62730 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-62730?

Check the references section above for vendor advisories and patch information. Affected products include: Soplanning Soplanning.

Vulnerability Description

SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this role to escalate to admin privileges. This issue affects both Bulk Update functionality and regular edition of user's right and privileges. This issue was fixed in version 1.55.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Soplanning	Soplanning	< 1.55.00

Related Weaknesses (CWE)

CWE-863

References

https://cert.pl/en/posts/2025/11/CVE-2025-62293Third Party Advisory
https://www.soplanning.org/en/Product

FAQ

What is CVE-2025-62730?

CVE-2025-62730 is a vulnerability with a CVSS score of 8.8 (HIGH). SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able to assign administrative pe...

How severe is CVE-2025-62730?

CVE-2025-62730 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-62730?

Check the references section above for vendor advisories and patch information. Affected products include: Soplanning Soplanning.