CVE-2025-47561 describes an Incorrect Privilege Assignment vulnerability in RomanCode's MapSVG plugin affecting versions before 8.6.13. This vulnerability enables privilege escalation, allowing an attacker with limited privileges to gain higher privileges. The CVSS 3.1 base score is 8.8, reflecting network attack vector, low attack complexity, required privileges, no user interaction, and high impact on confidentiality, integrity, and availability. The vulnerability is publicly disclosed but lacks vendor-provided patch or mitigation details. The product is not cloud-hosted, so remediation requires applying a vendor patch once available.

An attacker with some privileges on the affected MapSVG plugin can escalate their privileges, potentially gaining full control over the affected system or application. This can lead to complete compromise of confidentiality, integrity, and availability of the system using the vulnerable plugin. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor RomanCode's advisories for updates. Until a patch is available, consider restricting access to the MapSVG plugin to trusted users only and review privilege assignments carefully to limit potential abuse.