CVE-2025-67418
Unknown Unknown - Not Provided
Hardcoded Admin Credentials in ClipBucket 5.5.2 Allow Full Access

Publication date: 2025-12-22

Last updated on: 2025-12-22

Assigner: MITRE

Description
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-22
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67418
EUVD
EUVD-2025-204747
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
clipbucket clipbucket 5.5.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in ClipBucket 5.5.2 is due to improper access control where the software is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can use these default credentials to log in to the administrative panel, gaining full administrative control over the application.

Impact Analysis

The vulnerability allows an unauthenticated remote attacker to gain full administrative control of the ClipBucket application. This can lead to unauthorized access, modification, or deletion of data, disruption of services, and potential compromise of the entire system.

Detection Guidance

You can detect this vulnerability by attempting to access the ClipBucket administrative panel remotely and testing the default hardcoded administrative credentials. Since the vulnerability involves an unauthenticated remote login using default credentials, a practical detection method is to try logging in with known default usernames and passwords. Network scanning tools can also be used to identify exposed ClipBucket admin panels. Specific commands are not provided in the resources.

Mitigation Strategies

Immediate mitigation steps include changing the default hardcoded administrative credentials to strong, unique passwords and restricting access to the administrative panel to trusted IP addresses or networks. Additionally, updating the ClipBucket installation if a patch is available and monitoring for unauthorized access attempts are recommended.

Compliance Impact

The vulnerability allows an unauthenticated remote attacker to gain full administrative control due to hardcoded default credentials, which can lead to unauthorized access and potential data breaches. This situation can negatively impact compliance with standards and regulations such as GDPR and HIPAA, which require strict access controls and protection of sensitive data. However, specific impacts on compliance are not detailed in the provided resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67418. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart