Any user can change the passwords of each others, and root is no exception.This problem needs to be optimized because security vulnerabilities may exist. Hope to optimize the problem as soon as possible. Suggestions users can only change their own passwords.

Have you enabled authentication?