
CVE-2025-58386: n/a

Severity: Critical
Published: Tue Dec 02 2025 (12/02/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify this parameter to assign the Administrator role to other existing lower-privileged accounts, or invite a new lower-privileged account and escalate its privileges. While manipulating this request, the Power User can also change the target account's password, effectively taking full control of it.

AI-Powered Analysis

Last updated: 12/09/2025, 19:08:42 UTC

Technical Analysis

CVE-2025-58386 affects the Terminalfour content management system, versions 8 through 8.4.1.1. The user management function accepts a userLevel parameter that sets an account's privilege level, and the server never verifies that the caller is entitled to assign the level it requests. A user holding the Power User role can intercept its own user management request (for example with an intercepting proxy), change userLevel to the Administrator value, and have the change applied either to an existing lower-privileged account or to an account the Power User has just invited. The same request carries the target account's password, so the attacker can set a password of their choosing and log in as the newly created administrator. Exploitation therefore requires an authenticated account with the Power User role; it needs no interaction from any other user and is carried out over the normal network-facing management interface. The CVE record carries no CVSS vector (the Technical Details below show the CVSS version as null), so the Critical label on this page is the site's own severity assessment, reflecting that the outcome is full administrative control of the CMS. The weakness is CWE-285 (Improper Authorization). No public exploit has been reported, but the attack is a single modified request and needs nothing beyond a proxy. No patch link is attached to the record, so confirm a fixed release with the vendor rather than assuming one exists.
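The following is an added illustration, not Terminalfour's code: a minimal user management handler that applies a client-supplied userLevel the way the description above says the vulnerable versions do, beside a hardened handler that authorizes each field server-side. The role names, the privilege ladder, the form field names (userLevel, password) and the sample accounts are assumptions modelled on the CVE text; the invite step is included so that both attack paths from the description (an existing account and a freshly invited one) can be run.

```python
from dataclasses import dataclass

# Hypothetical privilege ladder, lowest to highest (an assumption; the real
# Terminalfour level encoding is not on the page).
LEVELS = {"contributor": 1, "moderator": 2, "power_user": 3, "administrator": 4}


@dataclass
class User:
    name: str
    level: str
    password: str


class NotAuthorized(Exception):
    pass


def sample_store():
    """Constructed sample accounts: one of each role the example needs."""
    return {u.name: u for u in (
        User("alice", "administrator", "a-secret"),
        User("bob", "power_user", "b-secret"),
        User("carol", "contributor", "c-secret"),
    )}


def invite_user(store, actor_name, new_name):
    """Power Users and above may invite; the new account starts at the lowest level."""
    if LEVELS[store[actor_name].level] < LEVELS["power_user"]:
        raise NotAuthorized("invite requires Power User")
    store[new_name] = User(new_name, "contributor", "invite-token")
    return store[new_name]


def update_user_vulnerable(store, actor_name, target_name, form):
    """Models the flaw: the only check is whether the caller may reach the
    user management function at all; every submitted field is then applied."""
    if LEVELS[store[actor_name].level] < LEVELS["power_user"]:
        raise NotAuthorized("user management requires Power User")
    target = store[target_name]
    if "userLevel" in form:
        target.level = form["userLevel"]      # client-controlled, never validated
    if "password" in form:
        target.password = form["password"]    # same request, same missing check
    return target


def update_user_hardened(store, actor_name, target_name, form):
    """Server-side authorization: decide per field what this caller may do."""
    actor, target = store[actor_name], store[target_name]
    actor_rank = LEVELS[actor.level]
    if actor_rank < LEVELS["power_user"]:
        raise NotAuthorized("user management requires Power User")
    is_admin = actor_rank == LEVELS["administrator"]
    # Non-administrators may only manage accounts strictly below their own level.
    if not is_admin and actor.name != target.name and LEVELS[target.level] >= actor_rank:
        raise NotAuthorized("cannot manage a peer or superior")
    if "userLevel" in form:
        new_level = form["userLevel"]
        if new_level not in LEVELS:
            raise ValueError("unknown userLevel")
        # Non-administrators may never grant a level equal to or above their own.
        if not is_admin and LEVELS[new_level] >= actor_rank:
            raise NotAuthorized("cannot grant a level at or above your own")
        target.level = new_level
    if "password" in form:
        # Only administrators reset other people's passwords; anyone may change their own.
        if not is_admin and actor.name != target.name:
            raise NotAuthorized("password reset on another account requires Administrator")
        target.password = form["password"]
    return target


def attempt(handler, actor_name, target_name, form, invite=False):
    """Run one request against a fresh store and report the outcome as a tuple,
    so the two handlers can be compared side by side."""
    store = sample_store()
    try:
        if invite:
            invite_user(store, actor_name, target_name)
        target = handler(store, actor_name, target_name, form)
        return ("ok", target.level, target.password)
    except NotAuthorized as exc:
        return ("denied", str(exc))


# The intercepted request from the description: Administrator role plus a chosen password.
ATTACK = {"userLevel": "administrator", "password": "attacker-chosen"}

if __name__ == "__main__":
    print("vulnerable, existing account:", attempt(update_user_vulnerable, "bob", "carol", ATTACK))
    print("vulnerable, invited account: ", attempt(update_user_vulnerable, "bob", "eve", ATTACK, invite=True))
    print("hardened, existing account:  ", attempt(update_user_hardened, "bob", "carol", ATTACK))
    print("hardened, legitimate change: ", attempt(update_user_hardened, "bob", "carol", {"userLevel": "moderator"}))
```

The hardened handler keeps the coarse "may use user management" check but adds three per-field decisions: who the caller may touch, what level the caller may grant, and whose password the caller may set. The last one matters because the CVE pairs the role change with a password change in the same request; an authorization check on userLevel alone would still leave account takeover of lower-privileged users open.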

Potential Impact

For European organizations running Terminalfour CMS versions 8 through 8.4.1.1, this vulnerability poses a severe risk. Any Power User, or anyone who has compromised a Power User account, can grant themselves or an account they control the Administrator role and thereby full control of the CMS: reading, modifying or deleting content and configuration, disrupting site availability, and publishing malicious content or planting backdoors in the sites the CMS serves. Given Terminalfour's use in higher education, government and enterprise sectors across Europe, the impact could extend to breaches of personal data, reputational damage and regulatory non-compliance under GDPR. The precondition is a Power User account rather than an administrator one; in many deployments that role is held by departmental editors and content managers outside central IT, so the set of accounts from which the attack can be launched is larger than the administrator group. The ability to change the target account's password in the same request makes the takeover quiet and complete, and an attacker who also resets legitimate administrators' passwords can lock them out and hinder incident response.

Mitigation Recommendations

European organizations should immediately audit their Terminalfour installations to identify affected versions (8 through 8.4.1.1) and contact the vendor for a fixed release, applying it as soon as it is available. Until then, restrict network access to the administrative and user management interface (VPN or IP allow-listing) so that only trusted staff can reach it. A Web Application Firewall rule that blocks every request carrying userLevel would break legitimate administration, since administrators use the same function; a more useful rule alerts on, or blocks, user management requests from non-administrator sessions that set userLevel to the Administrator value, or that change userLevel and password for the same account in one request. Monitor the CMS audit log for role changes and password resets performed by Power Users, in particular an invitation followed within minutes by a role change on the newly invited account, and for password changes applied to an account other than the actor's own. Enforce multi-factor authentication for all accounts that can reach user management, not only administrators, so that a stolen Power User password alone is not enough to mount the attack. Reduce the number of Power Users to the minimum the organization needs, and review whether each one needs user management at all. Keep regular backups of CMS data and configuration so that a compromised installation can be restored quickly.
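As an added example of the log monitoring recommended above (not code from Terminalfour or from this page), the script below runs three detection rules over a constructed audit log. The JSON-lines record shape, the field names and the sample events are assumptions; the real Terminalfour log format is not described on the page, so the parser would need adapting. Lines 2 to 4 of the sample reproduce the attack sequence from the description: a Power User invites an account, promotes it to Administrator and sets its password.

```python
import json
from datetime import datetime, timedelta

# Hypothetical role ranking, lowest to highest (an assumption).
RANK = {"contributor": 1, "moderator": 2, "power_user": 3, "administrator": 4}

# Constructed sample audit log in a hypothetical JSON-lines shape (not the real
# Terminalfour log format). Events 2-4 are the attack pattern from the CVE text.
SAMPLE_LOG = """\
{"ts": "2025-12-03T09:00:00Z", "event": "user.login", "actor": "alice", "actor_role": "administrator", "target": "alice"}
{"ts": "2025-12-03T09:05:10Z", "event": "user.invite", "actor": "bob", "actor_role": "power_user", "target": "eve", "new_level": "contributor"}
{"ts": "2025-12-03T09:05:42Z", "event": "user.level_change", "actor": "bob", "actor_role": "power_user", "target": "eve", "old_level": "contributor", "new_level": "administrator"}
{"ts": "2025-12-03T09:05:42Z", "event": "user.password_change", "actor": "bob", "actor_role": "power_user", "target": "eve"}
{"ts": "2025-12-03T10:15:00Z", "event": "user.level_change", "actor": "alice", "actor_role": "administrator", "target": "carol", "old_level": "contributor", "new_level": "moderator"}
{"ts": "2025-12-03T11:00:00Z", "event": "user.password_change", "actor": "carol", "actor_role": "moderator", "target": "carol"}
"""


def parse_log(text):
    """Parse JSON lines into event dicts with a timezone-aware datetime in 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return events


def detect(events, invite_window=timedelta(minutes=10)):
    """Return (ts, rule, actor, target) findings for three patterns:
    1. a non-administrator grants a level equal to or above its own role;
    2. a non-administrator promotes an account it invited within invite_window;
    3. a non-administrator changes the password of an account other than its own."""
    findings = []
    recent_invites = {}  # (actor, target) -> time of the invitation
    for e in sorted(events, key=lambda x: x["ts"]):
        actor_rank = RANK.get(e["actor_role"], 0)
        is_admin = actor_rank == RANK["administrator"]
        key = (e["actor"], e["target"])
        if e["event"] == "user.invite":
            recent_invites[key] = e["ts"]
        elif e["event"] == "user.level_change":
            if not is_admin and RANK.get(e.get("new_level"), 0) >= actor_rank:
                findings.append((e["ts"], "level_at_or_above_actor", e["actor"], e["target"]))
            invited_at = recent_invites.get(key)
            if not is_admin and invited_at is not None and e["ts"] - invited_at <= invite_window:
                findings.append((e["ts"], "invite_then_promote", e["actor"], e["target"]))
        elif e["event"] == "user.password_change":
            if not is_admin and e["actor"] != e["target"]:
                findings.append((e["ts"], "password_reset_by_non_admin", e["actor"], e["target"]))
    return findings


def analyze(text=SAMPLE_LOG):
    """Convenience wrapper: parse and run the rules over a log text."""
    return detect(parse_log(text))


if __name__ == "__main__":
    for ts, rule, actor, target in analyze():
        print(f"{ts.isoformat()}  {rule:28s}  actor={actor}  target={target}")
```

On the sample the administrator's routine promotion and the moderator's own password change produce nothing, while the Power User's sequence triggers all three rules. Rule 1 is the one that directly matches the CVE; rules 2 and 3 catch the invite-then-escalate and password-takeover variants even if the level change itself is logged without the actor's role.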


Technical Details

Data version: 5.2
Assigner short name: mitre
Date reserved: 2025-08-29T00:00:00.000Z
CVSS version: null (the CVE record carries no CVSS vector)
State: PUBLISHED

Threat ID: 692f2e1ae0601f8fcd6cf194

Added to database: 12/2/2025, 6:21:14 PM

Last enriched: 12/9/2025, 7:08:42 PM

Last updated: 1/16/2026, 10:11:09 PM

Views: 63
