Plattform
linux
Komponente
maas
Behoben in
3.3.11
3.4.9
3.5.9
3.6.2
CVE-2025-7044 describes a Privilege Escalation vulnerability within the MAAS (Metal as a Service) platform. This flaw allows an authenticated, but unprivileged, user to escalate their privileges to that of an administrator, effectively gaining full control over the MAAS deployment. The vulnerability affects versions 3.3.0 through 3.8.0 and has been resolved in version 3.8.1.
The impact of CVE-2025-7044 is significant. A successful exploit grants an attacker complete administrative control over the affected MAAS deployment. This includes the ability to modify system configurations, deploy or remove virtual machines and bare metal servers, and access sensitive data stored within the MAAS system. The attacker could effectively compromise the entire infrastructure managed by MAAS. This vulnerability shares similarities with other privilege escalation flaws where improper input validation leads to unauthorized access and control.
CVE-2025-7044 was publicly disclosed on December 3, 2025. The vulnerability's severity is rated HIGH with a CVSS score of 7.7. Currently, there are no publicly available proof-of-concept exploits, but the ease of exploitation, given the requirement of only authenticated access, suggests a medium probability of exploitation. It has not yet been added to the CISA KEV catalog.
Organizations heavily reliant on MAAS for server provisioning and management are particularly at risk. Environments with limited security controls or those using older MAAS versions are also more vulnerable. Shared hosting environments where multiple users share a single MAAS instance should be prioritized for patching.
• linux / server:
journalctl -u maas -g 'websocket handler' | grep -i 'user.update'• linux / server:
ps aux | grep -i 'maas websocket handler' | grep -i 'user.update'• linux / server:
find /var/log/maas/ -name '*.log' -print0 | xargs -0 grep -i 'is_superuser=true'disclosure
Exploit-Status
EPSS
0.04% (13% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-7044 is to upgrade MAAS to version 3.8.1 or later, which contains the necessary fix. If an immediate upgrade is not feasible, consider implementing stricter authentication and authorization controls within MAAS to limit the potential impact of a successful exploit. Review user permissions and ensure the principle of least privilege is enforced. Monitor MAAS logs for suspicious websocket activity, particularly requests involving user updates. While a WAF cannot directly prevent this vulnerability, it can help detect and block malicious requests attempting to exploit it.
Aktualisieren Sie MAAS auf eine Version, die die Improper Input Validation Schwachstelle behebt. Sehen Sie in den Ubuntu und MAAS Versionshinweisen nach, um spezifische Anweisungen zur Aktualisierung zu erhalten. Als vorübergehende Maßnahme überprüfen und härten Sie die MAAS API-Zugriffsberechtigungen.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-7044 is a vulnerability in MAAS versions 3.3.0–3.8.0 that allows an authenticated user to escalate privileges to administrator, gaining full control. It’s rated HIGH severity (7.7 CVSS).
You are affected if you are running MAAS versions 3.3.0 through 3.8.0. Upgrade to 3.8.1 or later to mitigate the risk.
The recommended fix is to upgrade to MAAS version 3.8.1 or a later version. If an upgrade is not immediately possible, consider temporary workarounds like restricting access to the websocket handler.
There is currently no public information indicating active exploitation of CVE-2025-7044, but the vulnerability is publicly known and should be addressed promptly.
Refer to the official MAAS security advisory for detailed information and updates regarding CVE-2025-7044. Check the Canonical website for the latest advisory.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.