CVE-2025-53209

Deferred
Published: 02 Jun 2026, 09:43
Last modified:02 Jun 2026, 10:43

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.8 CRITICAL
v3.1 (wordfence)
EPSS Score
0.02% LOW
0% probability
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

02 Jun 2026, 09:43
Published
Vulnerability first disclosed
02 Jun 2026, 10:43
Last Modified
Vulnerability information updated

Description

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.

CVSS Metrics

  • v3.1CRITICALScore: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 7%

Techniques & Countermeasures

  • CWE-266Incorrect Privilege Assignment

    A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Systems

  • themeislemasteriyo lms pro

    ≥ n/a, ≤ 2.20.0

  • wordpresslearning-management-system-pro

    ≤ 2.20.0

References (2)