diff --git a/files/routes/admin.py b/files/routes/admin.py
index 8b8928b2b..fd7667e11 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -246,6 +246,9 @@ def remove_admin(v:User, username):
 user = get_user(username)
+ if user.admin_level > v.admin_level:
+ abort(403)
+
 if user.admin_level:
 user.admin_level = 0
 g.db.add(user)
@@ -323,6 +326,9 @@ def distribute(v:User, option_id):
 def revert_actions(v:User, username):
 revertee = get_user(username)
+ if revertee.admin_level > v.admin_level:
+ abort(403)
+
 ma = ModAction(
 kind="revert",
 user_id=v.id,
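Review bot: The new guard in remove_admin compares with `>`, so an admin can still demote a peer whose admin_level equals their own; only strictly higher-ranked targets get the 403. If peers are not meant to remove each other, the check should be `if user.admin_level >= v.admin_level: abort(403)`, keeping in mind that this also blocks an admin from acting on their own account. If equal-level removal is intended, a short comment saying so would keep it from being read as an oversight. The same comparison appears in the revert_actions hunk, where it decides whether a peer's moderation actions can be reverted. remove_admin starts before and continues past its hunk, so any route-level permission decorator is not visible here.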
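Review bot: The rank check added to revert_actions is a copy of the one in remove_admin, so the hierarchy rule now lives in two route bodies and a later admin route can easily omit it or drift from it. A small shared helper, for example `def abort_if_outranked(v, target):` containing `if target.admin_level > v.admin_level: abort(403)`, called right after `get_user(username)`, would keep the rule in one place and give a single spot to record denied attempts. The helper name is a suggestion, not something present in the file. The decorators above revert_actions and the rest of its body lie outside the hunk.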