CVE-2025-27422

HIGH EPSS 31.1%

Published Mar 3, 20251y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Mar 3, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

31.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

References 2

github.com https://github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6
github.com https://github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jc

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.