CVE-2025-59308

· NIST NVD ↗

In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution for which they are not an administrator, if they also have the 'Site staff' role.

MEDIUM
CVSS severity
4.7
CVSS base score
2026-04-24
Published

CWE codes

CWE-284

Sources