CVE-2025-27822: High severity backdrop masquerade vulnerability
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people (who can masquerade) from switching to an account with administrative privileges. This permission is not always honored and may allow non-administrative users to masquerade as an administrator. This vulnerability is mitigated by the fact that an attacker must have a role with the "Masquerade as user" permission.
Frequently Asked Questions
What is the severity of CVE-2025-27822?
CVE-2025-27822 is classified as a critical vulnerability due to its potential to allow unauthorized access to user accounts.
How do I fix CVE-2025-27822?
To resolve CVE-2025-27822, update the Backdrop Masquerade module to version 1.x-1.0.1 or later.
Who is affected by CVE-2025-27822?
CVE-2025-27822 affects users of the Backdrop CMS with versions of the Masquerade module prior to 1.x-1.0.1.
What are the risks of not addressing CVE-2025-27822?
Failing to address CVE-2025-27822 may allow unauthorized users to switch accounts, leading to data breaches or unauthorized access.
What does CVE-2025-27822 allow?
CVE-2025-27822 allows users who hold the "Masquerade as user" permission to switch to an administrator account even when they lack the "Masquerade as admin" permission, which can lead to misuse of administrative privileges.
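As an added example (not code from the Masquerade module or from Backdrop), the following Python audit lists which accounts hold "Masquerade as user" without "Masquerade as admin", the population the mitigation note above refers to, and checks whether a module's .info version is at or past the fixed 1.x-1.0.1. The role and user data, the lowercase permission machine names, and the .info file layout are assumptions constructed for this example.

```python
import re

# Constructed sample data standing in for a site's role configuration
# (modelled on Backdrop's user.role.*.json files) and user/role assignments.
ROLE_CONFIGS = {
    "editor": {"label": "Editor", "permissions": ["access content", "masquerade as user"]},
    "support": {"label": "Support", "permissions": ["masquerade as user", "masquerade as admin"]},
    "authenticated": {"label": "Authenticated", "permissions": ["access content"]},
}
USERS = {"alice": ["editor"], "bob": ["support"], "carol": ["authenticated"]}

# Assumed machine names for the two permissions named in the advisory.
ADMIN_PERM = "masquerade as admin"
USER_PERM = "masquerade as user"


def role_permissions(role_configs, roles):
    """Union of permissions granted by the given roles."""
    perms = set()
    for r in roles:
        perms.update(role_configs.get(r, {}).get("permissions", []))
    return perms


def exposed_users(role_configs, users):
    """Accounts that can masquerade but lack the admin permission: on an
    unpatched site these are the users the bypass could elevate to admin."""
    out = []
    for name, roles in users.items():
        perms = role_permissions(role_configs, roles)
        if USER_PERM in perms and ADMIN_PERM not in perms:
            out.append(name)
    return sorted(out)


def parse_info_version(info_text):
    """Extract the 'version' value from a Backdrop-style .info file."""
    for line in info_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "version":
            return value.strip().strip('"')
    return None


def is_fixed(version):
    """True if a Masquerade version string (1.x-MAJOR.MINOR.PATCH) is 1.x-1.0.1 or later."""
    m = re.fullmatch(r"1\.x-(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Backdrop version string: {version!r}")
    return tuple(int(x) for x in m.groups()) >= (1, 0, 1)


# Constructed .info contents for an unpatched install.
SAMPLE_INFO = 'name = Masquerade\ntype = module\nversion = "1.x-1.0.0"\n'
```

Running `exposed_users(ROLE_CONFIGS, USERS)` on the sample data returns only `alice`, since `bob` already holds the admin permission and `carol` cannot masquerade at all.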