CVE-2025-27134 | laurent22 joplin up to 3.3.2 API Endpoint /api/users/:id is_admin access control (GHSA-xj67-649m-3p8x)
A vulnerability classified as critical has been found in laurent22 joplin up to 3.3.2. The issue affects unknown functionality of /api/users/:id in the API Endpoint component. Manipulating the is_admin argument with the input 1 leads to improper access controls.
This vulnerability is handled as CVE-2025-27134. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.