How to fix CVE-2025-7044?

Within 24 hours: Identify all MAAS instances in your environment and restrict websocket access to trusted networks only; document current administrative accounts and monitor for unauthorized privilege escalation. Within 7 days: Implement network segmentation to limit unprivileged user access to the MAAS websocket interface; enable enhanced logging and alerting on user.update websocket requests. Within 30 days: Evaluate alternative access controls such as disabling websocket-based user updates where possible, or implement WAF rules to validate and reject websocket payloads containing is_superuser modifications; prepare for patch deployment once available.

Is Maas affected by CVE-2025-7044?

An authentication bypass vulnerability in MAAS allows unprivileged users to elevate themselves to administrator status through websocket manipulation, granting complete control over the infrastructure-as-a-service deployment.

CVE-2025-7044

EUVD-2025-201010 HIGH

2025-12-03 [email protected]

7.7

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-201010

CVE Published

Dec 03, 2025 - 16:16 nvd

HIGH 7.7

Description

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment.

Analysis

Technical Context

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Improper Privilege Management (CWE-269).

Affected Products

Affected products: Canonical Maas

Remediation

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2025-7044 vulnerability details – vuln.today

Back

CVE-2025-7044

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-7044

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code