CVE-2025-66385
CVE-2025-66385 affects Cerebrate prior to version 1.30. The issue arises in UsersController::edit where an authenticated, non-privileged user can escalate privileges by supplying or modifying role_id or organisation_id in the user-edit endpoint. Affected is the ability to obtain higher roles (e.g...