Maas

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-7044 HIGH This Week

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment.

Privilege Escalation Maas

NVD

CVSS 3.1

7.7

EPSS

0.0%

CVE-2025-7044

EPSS 0% CVSS 7.7

HIGH This Week

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment.

Privilege Escalation Maas

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy