CVE-2025-54596 Information

Description

Abnormal Security /v1.0/rbac/users_v2/USER_ID/ before 2025-02-19 allows downgrading the privileges of other user accounts.

Reference

https://bugcrowd.com/disclosures/b2406123-c02d-47cf-bcf1-8af57e1de526/no-rbac-validation-on-api-requests-user-management

CNNVD-202507-3129 (Published: 2025-07-25)
