Cyber Resilience

CVE-2021-47701

HighPublic PoC

Published: 09 December 2025

Published
09 December 2025
Modified
17 December 2025
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0013 31.8th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-47701 is a high-severity Missing Authorization (CWE-862) vulnerability in Openbmcs Openbmcs. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 31.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2021-47701 is a privilege escalation vulnerability affecting OpenBMCS version 2.4, specifically in the update_user_permissions.php script located in the '/plugins/useradmin/' directory. The flaw, classified under CWE-862 (Missing Authorization), allows an attacker to manipulate user permissions through a malicious HTTP POST request to PHP scripts in that directory. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility, low attack complexity, and requirements for low privileges.

An authenticated attacker with read-only user privileges can exploit this vulnerability remotely by submitting a crafted POST request to the affected endpoint. Successful exploitation enables escalation to administrator privileges, potentially granting full control over the OpenBMCS instance, including high-impact confidentiality, integrity, and availability violations as per the CVSS metrics.

Advisories from VulnCheck, Zero Science Labs, and an Exploit-DB entry (exploit 50669) document the issue, confirming the privilege escalation path and providing proof-of-concept details, though specific patch information or mitigation steps are outlined in those resources. The CVE was published on 2025-12-09.

EU & UK References

Vulnerability details

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/'…

more

directory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability is a privilege escalation flaw (CWE-862 Missing Authorization) allowing low-privileged authenticated users to escalate to administrator via crafted HTTP POST requests to user permission scripts, directly mapping to Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-8547Shared CWE-862
CVE-2026-22172Shared CWE-862
CVE-2025-48574Shared CWE-862
CVE-2026-0026Shared CWE-862
CVE-2025-48578Shared CWE-862
CVE-2025-48634Shared CWE-862
CVE-2026-28193Shared CWE-862
CVE-2026-0845Shared CWE-862
CVE-2025-49723Shared CWE-862
CVE-2024-12171Shared CWE-862

Affected Assets

openbmcs
openbmcs
2.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for access to the update_user_permissions.php script, directly addressing the CWE-862 missing authorization that enables privilege escalation.

prevent

Implements least privilege to restrict read-only users from modifying permissions, limiting the feasibility and impact of escalation to admin privileges.

prevent

Validates HTTP POST inputs to the useradmin directory scripts, preventing manipulation of permissions through crafted requests.

References