CNNVD-202509-4273 Information

CNNVD ID

CNNVD-202509-4273

CVE-2025-59945

  • CNNVD Published: 2025-09-27

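Description (translated from Chinese)

Syslifters Sysreptor is a penetration test reporting platform from Syslifters. Syslifters Sysreptor versions from 2024.74 up to, but not including, 2025.83 contain a security vulnerability. The vulnerability stems from allowing unprivileged users to assign the is_project_admin permission, which may lead to unauthorized access to, modification of, and deletion of penetration testing projects.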

Description (English)

Syslifters Sysreptor is a penetration test reporting platform from Syslifters. Syslifters Sysreptor versions from 2024.74 up to, but not including, 2025.83 contain a security vulnerability. It stems from unprivileged users being allowed to assign the is_project_admin permission, and may lead to unauthorized access to, modification of, and deletion of penetration testing projects.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Syslifters

Published

2025-09-27

Last Modified

2026-02-24

References

https://github.com/Syslifters/sysreptor/commit/de8b5d89d0644479ee0da0a113c6bcc2436ba7f4

https://github.com/Syslifters/sysreptor/security/advisories/GHSA-r6hm-59cq-gjg6

https://access.redhat.com/security/cve/cve-2025-59945

Patch

https://docs.sysreptor.com/
