CVE-2025-7044 PUBLISHED

Privilege Escalation in MAAS via Websocket Request Manipulation

Assigner: canonical
Reserved: 03.07.2025 Published: 03.12.2025 Updated: 03.12.2025

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS Score: 7.7

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Ubuntu
Product	MAAS
Versions	Default: unaffected affected from 3.3.0 to 3.3.11 (excl.) affected from 3.4.0 to 3.4.9 (excl.) affected from 3.5.0 to 3.5.9 (excl.) affected from 3.6.0 to 3.6.2 (excl.) Version 3.7.0 is unaffected Version 3.8.0 is unaffected

Credits

Jacopo Rota finder

References

https://bugs.launchpad.net/maas/+bug/2115714

Problem Types

CWE-269 Improper Privilege Management CWE

Impacts

CAPEC-233 Privilege Escalation