Currently any admin user with edit rights can edit any other admin user (including themselves) to elevate their permissions beyond their current role.

Related EE TID: 8077