How severe is CVE-2025-27822?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2025-27822?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-27822 - HIGH Severity | CVSS 7.5

Vulnerability Description

An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the "Masquerade as user" permission.

Related Vulnerabilities

CVE-2006-6679

HIGH

CVSS:7.5(High)

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by sp...

CWE-8632006

CVE-2008-4577

HIGH

CVSS:7.5(High)

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

CWE-8632008

CVE-2009-3723

HIGH

CVSS:7.5(High)

asterisk allows calls on prohibited networks

CWE-8632009

CVE-2011-2726

HIGH

CVSS:7.5(High)

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual...

CWE-8632011

CVE-2012-2238

HIGH

CVSS:7.5(High)

trytond 2.4: ModelView.button fails to validate authorization

CWE-8632012

CVE-2012-3822

HIGH

CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials.

CWE-8632012