Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their privileges by sending an HTTP request with a manipulated 'identifier' field. Successful exploitation of this vulnerability could allow an authenticated user to obtain administrator privileges. It is not possible to escalate privileges through the graphical user interface.
AnalysisAI
Privilege escalation in MphRx Minerva V3.6.0 allows authenticated users with user modification privileges to gain administrator access by manipulating the 'identifier' field in direct HTTP requests to the '/minerva/moUser/update' endpoint. While the vulnerability requires existing low-level authenticated access and cannot be exploited through the graphical interface, the CVSS v4.0 score of 8.5 reflects high impact across confidentiality, integrity, and availability in the subsequent system context (SC:H/SI:H/SA:H). No public exploit identified at time of analysis, with EPSS data unavailable for this recent CVE.
Technical ContextAI
This vulnerability affects the user management API endpoint in MphRx Minerva version 3.6.0, a healthcare/pharmaceutical software platform. The flaw is classified as CWE-285 (Improper Authorization), indicating the application fails to properly validate whether an authenticated user should be permitted to modify the 'identifier' field during user update operations. The authorization check likely occurs only at the UI layer, while the underlying REST API endpoint '/minerva/moUser/update' accepts direct HTTP requests without re-validating the requester's permission to assign elevated role identifiers. This represents a classic broken access control scenario where horizontal privilege checks (user can modify users) do not prevent vertical escalation (user can modify their own or others' privilege levels). The CVSS v4.0 vector indicates network-accessible (AV:N), low complexity (AC:L), requiring low privileges (PR:L) with no user interaction (UI:N), and critically, high impact on the subsequent system context across all CIA triad dimensions.
RemediationAI
Organizations running MphRx Minerva V3.6.0 should immediately consult the INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-mphrxs-minerva for vendor-provided patches and upgrade guidance. No vendor-released patch version is independently confirmed from available data at time of analysis. As interim mitigation, restrict user modification privileges to the minimum necessary personnel and implement monitoring for unexpected privilege changes or direct API calls to '/minerva/moUser/update' outside normal business processes. Web application firewall rules can detect and block requests to this endpoint containing 'identifier' field modifications from users whose session tokens do not correspond to superuser accounts, though this requires custom rule development. Network segmentation should ensure the Minerva administrative interface is accessible only from trusted management networks, not general user VLANs. Audit existing user accounts for evidence of unauthorized privilege escalation by reviewing user modification logs and comparing current privilege assignments against authorized baselines. These compensating controls reduce but do not eliminate risk, as authenticated insiders with legitimate user management access can still exploit the flaw.
Insecure direct object reference in MphRx Minerva V3.6.0 allows authenticated attackers to modify arbitrary user profile
Insecure direct object reference in MphRx Minerva V3.6.0 allows authenticated attackers to enumerate and exfiltrate sens
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26040