CVE-2025-15602

{"id": "CVE-2025-15602", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-06T17:16:24.600", "references": [{"url": "https://github.com/grokability/snipe-it/releases/tag/v8.3.7", "tags": ["Product", "Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://snipeitapp.com/", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/snipe-it-mass-assignment-vulnerability-leading-to-privilege-escalation", "tags": ["Patch", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-915"}]}], "descriptions": [{"lang": "en", "value": "Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the Super Admin account. By changing the email address of the Super Admin and triggering a password reset, an attacker can fully take over the Super Admin account, resulting in complete administrative control of the Snipe-IT instance."}, {"lang": "es", "value": "Las versiones de Snipe-IT anteriores a la 8.3.7 contienen atributos de usuario sensibles relacionados con los privilegios de la cuenta que est\u00e1n insuficientemente protegidos contra la asignaci\u00f3n masiva. Un usuario autenticado y con pocos privilegios puede elaborar una solicitud de API maliciosa para modificar campos restringidos de otra cuenta de usuario, incluida la cuenta de Super Administrador. Al cambiar la direcci\u00f3n de correo electr\u00f3nico del Super Administrador y activar un restablecimiento de contrase\u00f1a, un atacante puede tomar el control total de la cuenta de Super Administrador, lo que resulta en un control administrativo completo de la instancia de Snipe-IT."}], "lastModified": "2026-04-17T21:30:32.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F956751-AE24-4824-8DCC-2478A071E013", "versionEndExcluding": "8.3.7"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}