← back
CVE-2025-67418

CVE-2025-67418

CVSS 9.8 CRITICALEPSS 0.6%CWE-798
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://clipbucket.comhttps://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927