{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T19:53:20.677","vulnerabilities":[{"cve":{"id":"CVE-2025-48695","sourceIdentifier":"cve@mitre.org","published":"2025-05-23T05:15:25.310","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Target role> (admin access can be achieved)."},{"lang":"es","value":"Se descubrió un problema en CyberDAVA antes de la versión 1.1.20. Una vulnerabilidad de escalada de privilegios permite que un usuario con pocos privilegios aumente sus privilegios abusando de la siguiente API debido a la falta de control de acceso: /api/v2/users/user//role/ROLE/ (se puede obtener acceso de administrador)."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://github.com/michaelcheung-research/Vulnerability-Disclosure/blob/main/CVE-2025-CyberDava1/README.md?plain=1","source":"cve@mitre.org"},{"url":"https://www.cyberdava.com","source":"cve@mitre.org"}]}}]}