nvd-json-data-feeds/CVE-2025/CVE-2025-274xx/CVE-2025-27422.json

{
  "id": "CVE-2025-27422",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2025-03-03T17:15:15.787",
  "lastModified": "2025-03-03T17:15:15.787",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3."
    },
    {
      "lang": "es",
      "value": "FACTION es un framework de colaboraci\u00f3n y generaci\u00f3n de informes de pruebas de penetraci\u00f3n. La autenticaci\u00f3n se omite cuando un atacante registra un nuevo usuario con privilegios de administrador. Esto es posible en cualquier momento sin autorizaci\u00f3n. La solicitud debe seguir las reglas de validaci\u00f3n (no falta informaci\u00f3n, contrase\u00f1a segura, etc.) pero no hay otros controles que las impidan. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.4.3."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jc",
      "source": "security-advisories@github.com"
    }
  ]
}
Auto-Update: 2025-03-03T19:00:20.497556+00:00 2025-03-03 19:03:49 +00:00			`{`
			`"id": "CVE-2025-27422",`
			`"sourceIdentifier": "security-advisories@github.com",`
			`"published": "2025-03-03T17:15:15.787",`
			`"lastModified": "2025-03-03T17:15:15.787",`
Auto-Update: 2025-03-09T03:00:19.873769+00:00 2025-03-09 03:03:50 +00:00			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2025-03-03T19:00:20.497556+00:00 2025-03-03 19:03:49 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3."`
Auto-Update: 2025-03-09T03:00:19.873769+00:00 2025-03-09 03:03:50 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "FACTION es un framework de colaboraci\u00f3n y generaci\u00f3n de informes de pruebas de penetraci\u00f3n. La autenticaci\u00f3n se omite cuando un atacante registra un nuevo usuario con privilegios de administrador. Esto es posible en cualquier momento sin autorizaci\u00f3n. La solicitud debe seguir las reglas de validaci\u00f3n (no falta informaci\u00f3n, contrase\u00f1a segura, etc.) pero no hay otros controles que las impidan. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.4.3."
Auto-Update: 2025-03-03T19:00:20.497556+00:00 2025-03-03 19:03:49 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security-advisories@github.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",`
			`"baseScore": 7.5,`
			`"baseSeverity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security-advisories@github.com",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-287"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6",`
			`"source": "security-advisories@github.com"`
			`},`
			`{`
			`"url": "https://github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jc",`
			`"source": "security-advisories@github.com"`
			`}`
			`]`
			`}`