diff --git a/changelog.txt b/changelog.txt
index e372666a..e7d62bd5 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -2,7 +2,7 @@
 = 2.11.1 December xx, 2025 =
-
+Fixed: CVE-2025-14081
 = 2.11.0 December 02, 2025 =
diff --git a/includes/core/class-account.php b/includes/core/class-account.php
index 4ba9085a..4621752d 100644
--- a/includes/core/class-account.php
+++ b/includes/core/class-account.php
@@ -473,23 +473,27 @@ if ( ! class_exists( 'um\core\Account' ) ) {
 return $url;
 }
-
 /**
 * @param $fields
 * @param $shortcode_args
 * @return mixed
 */
-function filter_fields_by_attrs( $fields, $shortcode_args ) {
+private function filter_fields_by_attrs( $fields, $shortcode_args ) {
 foreach ( $fields as $k => $field ) {
 if ( isset( $shortcode_args[ $field['metakey'] ] ) && 0 == $shortcode_args[ $field['metakey'] ] ) {
 unset( $fields[ $k ] );
+continue;
+}
+
+// required user permission 'required_perm' - it's field attribute predefined in the field data in code.
+if ( isset( $data['required_perm'] ) && ! UM()->roles()->um_user_can( $data['required_perm'] ) ) {
+unset( $fields[ $k ] );
 }
 }
 return $fields;
 }
-
 /**
 * Init displayed fields for security check
 *
diff --git a/readme.txt b/readme.txt
index b00c2e6a..e85c9777 100644
--- a/readme.txt
+++ b/readme.txt
@@ -169,7 +169,7 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI
 = 2.11.1 2025-12-xx =
-
+Fixed: CVE-2025-14081
 = 2.11.0 2025-12-02 =
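Review bot: The new permission check in `filter_fields_by_attrs` reads `$data['required_perm']`, but `$data` is never assigned in this method — the foreach variable is `$field` — so `isset( $data['required_perm'] )` is always false and the added branch can never remove a field, which makes the fix this commit advertises a no-op. The check should use the loop variable: `if ( isset( $field['required_perm'] ) && ! UM()->roles()->um_user_can( $field['required_perm'] ) ) {`. A unit test that passes a field carrying `required_perm` for a user without that capability and asserts it is filtered out would pin the behaviour, and a static analyser would have flagged the undefined variable. While the method is being made private, its docblock could also be tightened to `@param array $fields`, `@param array $shortcode_args`, `@return array` instead of `mixed`.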