This vulnerability (CVE-2025-59563) affects Sonaar music software versions up to 4.27.4 and is classified as CWE-266 (Incorrect Privilege Assignment). It allows a subscriber to escalate privileges beyond their intended access level. The CVSS 3.1 base score is 8.8 with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network attack vector, low attack complexity, privileges required at the level of a subscriber, no user interaction needed, unchanged scope, and high impact on confidentiality, integrity, and availability. No official patch or remediation level has been provided by the vendor or advisory sources. The vulnerability is not known to be exploited in the wild at this time.

Successful exploitation of this vulnerability could allow a subscriber to gain elevated privileges, potentially leading to full compromise of the affected Sonaar software instance. This includes unauthorized access to sensitive data, modification of data, and disruption of service. The high CVSS score reflects the critical nature of the impact on confidentiality, integrity, and availability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation has been published, users should monitor vendor communications for updates. Until a patch is available, consider restricting subscriber privileges and monitoring for suspicious activity related to privilege escalation attempts.