CVE-2025-27422

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-27422
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27422.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27422
Aliases
  • GHSA-97cv-f342-v2jc
Published
2025-03-03T16:25:48.918Z
Modified
2026-04-10T05:24:51.694512Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
FACTION Allows Authentication Bypass via User Creation
Details

FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27422.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-287"
    ]
}
References

Affected packages

Git / github.com/factionsecurity/faction

Affected ranges

Type
GIT
Repo
https://github.com/factionsecurity/faction
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d11c0b87925300880473897d61c40116e7ab2e0a

Affected versions

1.*
1.1.0
1.1.1
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.2
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.24.0
1.1.24.1
1.1.24.2
1.1.24.3
1.1.25
1.1.25.0
1.1.25.1
1.1.26.0
1.1.26.1
1.1.26.2
1.1.27
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.3.1
1.3.2
1.3.20
1.3.21
1.3.22
1.3.23
1.3.24
1.3.25
1.3.26
1.3.27
1.3.28
1.3.29
1.3.3
1.3.32
1.3.33
1.3.34
1.3.35
1.3.36
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.4.0
1.4.1
1.4.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27422.json"