TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2025-67418

CRITICAL
9.8

Beschreibung

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht12/22/2025
Zuletzt geandert1/2/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

oxygenz:clipbucket

Schwachen (CWE)

CWE-798

Referenzen

http://clipbucket.com(cve@mitre.org)
https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.