Privilege Escalation Vulnerability in OneUptime Monitoring Solution
CVE-2025-66028
6.9 MEDIUM
What is CVE-2025-66028?
OneUptime, a robust solution for managing online services, is susceptible to privilege escalation in versions prior to 8.0.5567. The vulnerability arises in the login process, where the server response includes an 'isMasterAdmin' parameter. Attackers can potentially intercept the response and alter this parameter from false to true, gaining unauthorized access to the admin dashboard interface. Even with this access, however, attackers may face limitations on data visibility and interaction, depending on their existing permissions. Users are advised to upgrade to version 8.0.5567 or later to secure their installations.
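The weakness class described above, as an added illustration that is not OneUptime's code or its patch: a gate that trusts a role flag held by the client, beside a server-side check that re-derives the role from server state on every admin request. All function names, users and tokens here are hypothetical and constructed for the example.

```javascript
// Added illustration; not OneUptime code. All names and data are constructed.
const crypto = require("node:crypto");

// Server-side source of truth for roles (constructed sample users).
const USERS = new Map([
  ["alice@example.test", { isMasterAdmin: true }],
  ["bob@example.test", { isMasterAdmin: false }],
]);
const SESSIONS = new Map(); // opaque token -> email, held only on the server

function login(email) {
  if (!USERS.has(email)) throw new Error("unknown user");
  const token = crypto.randomBytes(16).toString("hex");
  SESSIONS.set(token, email);
  // The flag is returned as a UI hint only, like the response field in the advisory.
  return { token, isMasterAdmin: USERS.get(email).isMasterAdmin };
}

// Weak pattern: the decision rests on a value the client holds and can rewrite.
function clientTrustingGate(loginResponse) {
  return loginResponse.isMasterAdmin === true;
}

// Hardened pattern: each admin request looks the role up from server state;
// any role claim carried in the request itself is ignored.
function serverSideGate(request) {
  const email = SESSIONS.get(request.token);
  if (!email) return { status: 401 }; // no valid session
  const user = USERS.get(email);
  if (!user || user.isMasterAdmin !== true) return { status: 403 };
  return { status: 200 };
}

// Constructed scenario: a non-admin's login response whose flag was altered.
function demo() {
  const bob = login("bob@example.test");
  const tampered = { ...bob, isMasterAdmin: true };
  const alice = login("alice@example.test");
  return {
    weak: clientTrustingGate(tampered),
    hardened: serverSideGate({ token: tampered.token, isMasterAdmin: true }).status,
    admin: serverSideGate({ token: alice.token }).status,
    noSession: serverSideGate({ token: "not-a-session" }).status,
  };
}
```

With the server-side gate in place, an altered flag changes only what the client renders; the 403 on the admin request is also a useful signal to log and alert on.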
Affected Version(s)
oneuptime < 8.0.5567
