Authentication Bypass in FACTION PenTesting Report Generation Framework
CVE-2025-27422
7.5 HIGH
What is CVE-2025-27422?
The FACTION PenTesting Report Generation Framework has an authentication bypass vulnerability that allows attackers to create a new user with admin privileges without proper authorization. This can occur at any time, as long as the request meets the basic validation requirements (such as a secure password and complete information); no additional controls prevent unauthorized users from gaining elevated privileges. This vulnerability was addressed in version 1.4.3.
Affected Version(s)
faction < 1.4.3
