silverstripe/framework is vulnerable to Privilege Escalation. The vulnerability is due to the CMS Fields for members being constructed using DirectGroups instead of Groups relation. The vulnerability allows attacker with EDIT_PERMISSIONS and access to the βSecurityβ section to escalate their privileges within the system.