CVE-2025-66022
BaseFortify
Publication date: 2025-11-26
Last updated on: 2026-01-02
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| owasp | faction | to 1.7.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in FACTION, a PenTesting Report Generation and Collaboration Framework, allows unauthenticated attackers to upload malicious extensions via the /portal/AppStoreDashboard endpoint due to a missing authentication check. These malicious extensions can execute arbitrary system commands on the server when lifecycle hooks are invoked, leading to remote code execution (RCE) on the host running FACTION. The issue was fixed in version 1.7.1.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain remote code execution on the server hosting FACTION without authentication. This can lead to full compromise of the server, including unauthorized access, data theft, service disruption, or further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
Upgrade FACTION to version 1.7.1 or later, as this version contains the patch that fixes the vulnerability by adding authentication checks to the /portal/AppStoreDashboard endpoint and preventing untrusted extension code execution.