CVE-2025-27422
published 2025-03-03

Priority: P3, 47
Severity: high, 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.39% (31.1th percentile)

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc.), but there are no other controls stopping the attacker. This vulnerability is fixed in 1.4.3.

Affected

1 range

Vendor | Product | Version range | Fixed in
factionsecurity | faction | < 1.4.3 | 1.4.3