High severity7.5NVD Advisory· Published Mar 3, 2025· Updated Apr 15, 2026

CVE-2025-27422

Description

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3.

Patches

d11c0b879253

https://github.com/factionsecurity/factionvia osv

0a6848d388d6

https://github.com/factionsecurity/factionvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/factionsecurity/faction/commit/0a6848d388d6dba1c81918cce2772b1e805cd3d6nvd
github.com/factionsecurity/faction/security/advisories/GHSA-97cv-f342-v2jcnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000