[Security advisory] Authenticated user privilege escalation vulnerability via insecure regex in URL paths

Hello,

This security advisory addresses the privilege escalation vulnerability via insecure regex in URL paths in ServiceDesk Plus MSP.

We strongly urge all customers to upgrade to the latest version of ServiceDesk Plus MSP immediately.

CVE ID: CVE-2025-8309

Severity: High

Impact

Allows an authenticated, low-privileged user to take control of any account, including administrator accounts, potentially leading to data exposure and unauthorized actions.

What led to the vulnerability?

The vulnerability was caused by overly permissive regular expression (regex) rules in URL mapping. Wildcards in these rules caused servlet paths to be matched incorrectly, which allowed privilege escalation.
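The advisory does not publish the affected patterns. The following is an added, generic illustration (not ServiceDesk Plus MSP code) of the class of defect it describes: an access-control rule whose regex is anchored only at the start and ends in a `.*` wildcard, evaluated on the raw request path before the container collapses `..` segments, placed beside the stricter form. The servlet names, URL prefixes, roles and the crafted path are constructed assumptions for the example.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Constructed servlet table (hypothetical names, not the product's mapping):
# URL prefix -> (servlet name, minimum role needed to use it).
SERVLETS = [
    ("/api/self", "SelfServiceServlet", "user"),
    ("/api/users", "UserAdminServlet", "admin"),
]

# Access-control rule: which paths a low-privileged user may reach.
# Intent for both rules: /api/self and at most one sub-resource beneath it.
#
# LOOSE_ALLOW is overly permissive because re.match() anchors only at the
# start of the string and '.*' is a wildcard that swallows anything that
# follows, so every path that merely begins with /api/self is accepted.
LOOSE_ALLOW = re.compile(r"/api/self.*")
# STRICT_ALLOW spells out the permitted shape and is used with fullmatch().
STRICT_ALLOW = re.compile(r"/api/self(/[A-Za-z0-9_-]+)?")


def normalize(raw_path):
    """Strip the query string and collapse '.' / '..' segments, as a servlet
    container does before it selects a servlet."""
    return posixpath.normpath(urlsplit(raw_path).path)


def find_servlet(path):
    """Prefix lookup over the constructed table."""
    for prefix, name, role in SERVLETS:
        if path == prefix or path.startswith(prefix + "/"):
            return name, role
    return None, None


def dispatch_loose(raw_path, caller_role):
    """Weak design: the regex filter on the raw path is the only gate, and the
    container normalizes the path afterwards. Returns (status, servlet)."""
    if caller_role != "admin" and LOOSE_ALLOW.match(urlsplit(raw_path).path) is None:
        return ("denied", None)
    name, _required = find_servlet(normalize(raw_path))  # role not re-checked
    return ("ok", name) if name else ("not_found", None)


def dispatch_strict(raw_path, caller_role):
    """Hardened design: normalize first, full-match an anchored pattern, and
    let the servlet enforce its own minimum role as well."""
    path = normalize(raw_path)
    name, required = find_servlet(path)
    if name is None:
        return ("not_found", None)
    if caller_role != "admin" and STRICT_ALLOW.fullmatch(path) is None:
        return ("denied", None)
    if required == "admin" and caller_role != "admin":
        return ("denied", None)
    return ("ok", name)


if __name__ == "__main__":
    crafted = "/api/self/../users/42/password"  # constructed request path
    print("loose :", dispatch_loose(crafted, "user"))   # reaches UserAdminServlet
    print("strict:", dispatch_strict(crafted, "user"))  # denied
```

Two changes make the strict version hold: the rule is evaluated on the normalized path rather than the raw one, and it is an anchored `fullmatch` with no open-ended wildcard. Re-checking the minimum role at the servlet is the extra layer that still protects privileged servlets if a mapping rule is later loosened again.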

When is this vulnerability applicable?

The vulnerability allows a threat actor to target a user account that is not associated with an email address. It has no impact if local authentication is disabled or if the targeted user account has an associated email address.

Who is affected?

This vulnerability affects ServiceDesk Plus MSP customers using versions 14930 and below.

How was the issue fixed?

Stricter URL path validation was implemented to prevent unauthorized access, and unused API servlet classes along with their URL mappings were removed.

How to find out whether you are affected

Click the Help button in the top-right corner of the ServiceDesk Plus MSP web client and select About from the drop-down to see your current version. Your installation is vulnerable if your current version is 14930 or below.

What customers should do

Customers using versions 14930 and below can upgrade to the latest version (14940) using the appropriate migration path listed here.

Please read the upgrade instructions carefully before beginning the upgrade. For assistance, write to support@servicedeskplusmsp.com or call us toll-free at +1.888.720.9500.

Important note: As always, make a copy of your entire ServiceDesk Plus MSP installation folder before applying the upgrade and keep the copy in a separate location. If anything goes wrong during the upgrade, you will have this copy as a backup, which will keep all of your settings intact. If you are using Microsoft SQL Server as the back-end database, back up the ServiceDesk Plus MSP database before upgrading. Once the upgrade is successfully completed, remember to delete the backup.

We offer our sincerest apologies for any inconvenience this vulnerability may have caused. If you have any questions or concerns, please reach out to us at support@servicedeskplusmsp.com.