Primakon Pi Portal Privilege Escalation Vulnerability

Vulnerability

A vulnerability in the Primakon Pi Portal version 1.0.18 has been identified in the /api/v2/pp_users endpoint. This vulnerability arises from inadequate user permission checks, allowing low-level users to send PATCH requests that modify the PP_SECURITY_PROFILE_ID. By setting the PP_SECURITY_PROFILE_ID to 2, users can escalate their privileges to Administrator.

Impact

Exploitation of this vulnerability allows low-level users to gain Administrator privileges, leading to unauthorized access and control within the application.

Added: Nov 25, 2025, 7:19 PM

Updated: Nov 25, 2025, 10:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Primakon Pi Portal Privilege Escalation Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating