TROYANOSYVIRUS
Volver a CVEs

CVE-2025-27422

HIGH
7.5

Descripcion

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3.

Detalles CVE

Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/3/2025
Ultima modificacion3/3/2025
Fuentenvd
Avistamientos honeypot0

Debilidades (CWE)

CWE-287

Referencias

https://github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6(security-advisories@github.com)
https://github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jc(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.