Privilege Escalation in Masquerade Module for Backdrop CMS
CVE-2025-27822

7.5 HIGH

Key Information:

Vendor
CVE Published: 7 March 2025

What is CVE-2025-27822?

A flaw in the Masquerade module for Backdrop CMS allows users to temporarily impersonate other users, including administrative accounts, without being authorized to do so. The vulnerability arises because the module does not sufficiently enforce the 'Masquerade as admin' permission, which can expose sensitive administrative functions to users who should not have access to them. Exploitation requires that the attacker already hold the 'Masquerade as user' permission, but the risk of misuse remains significant.

Affected Version(s)

Masquerade 0 < 1.x-1.0.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
