diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4bd2ce04e2..e6a8885371 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,7 @@
 ## 12.23Q4.5
 - Security Hotfix: 管理者用APIのアクセス権限が適切に設定されていない問題を修正
 - fix: Filter featured collection
+ - Appは管理者/モデレータ権限を使えないように
 - 依存関係の更新
 
 ## 12.23Q4.4
diff --git a/packages/backend/src/server/api/call.ts b/packages/backend/src/server/api/call.ts
index a85d40643b..b2124f5a0a 100644
--- a/packages/backend/src/server/api/call.ts
+++ b/packages/backend/src/server/api/call.ts
@@ -93,6 +93,14 @@ export default async (endpoint: string, user: CacheableLocalUser | null | undefi
 });
 }
 
+if (token && ep.meta.requireAdmin) {
+throw new ApiError(accessDenied, { reason: "Apps cannot use admin privileges." });
+}
+
+if (token && ep.meta.requireModerator) {
+throw new ApiError(accessDenied, { reason: "Apps cannot use moderator privileges." });
+}
+
 // Cast non JSON input
 if ((ep.meta.requireFile || ctx?.method === "GET") && ep.params.properties) {
 for (const k of Object.keys(ep.params.properties)) {
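Review bot: The two new guards in call.ts key only on `token` being truthy, so the outcome depends on which callers populate that parameter; if the authenticator also hands a non-null `token` for a user's own personal access tokens and not just third-party app tokens, an admin using an API key would now be denied on every `requireAdmin`/`requireModerator` endpoint, which contradicts the "Apps cannot use …" wording in the error. Please confirm against the authenticate path and, if personal tokens do reach here, narrow the condition to tokens that are bound to an app rather than to any token. The reason strings hard-code "admin"/"moderator" while the logic is otherwise identical, so a short comment above the first guard such as `// App tokens never get elevated privileges, regardless of the owning user's role` would record the intent for the next reader. The enclosing exported function starts and ends outside this hunk.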