Cyber Posture

CVE-2025-56333

CriticalPublic PoC

Published: 29 December 2025

Published
29 December 2025
Modified
07 January 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0032 54.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation directly prevents exploitation of the improper authentication vulnerability in the 2FA component of Fossorial fosrl/pangolin.

IA-5 Authenticator Management good match
prevent

Authenticator management ensures robust handling and strength of 2FA mechanisms, countering the CWE-287 improper authentication leading to privilege escalation.

AC-6 Least Privilege partial match
prevent

Least privilege enforcement limits the impact and scope of privilege escalation even if the 2FA authentication bypass succeeds.

Security SummaryAI

CVE-2025-56333 is a critical vulnerability affecting Fossorial fosrl/pangolin versions 1.6.2 and prior. The issue resides in the 2FA component, enabling improper authentication as classified under CWE-287. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete confidentiality, integrity, and availability impacts without requiring privileges or user interaction.

A remote attacker can exploit this vulnerability over the network with low complexity. No prior authentication or user involvement is needed, allowing unauthenticated exploitation that results in privilege escalation. Successful attacks grant high-level access, potentially compromising the entire system.

Advisories and further details are available in the provided references, including the project repository at https://github.com/fosrl/pangolin and a Gist at https://gist.github.com/mrdgef/ef6fa41d69c0457874414c163d7d7d75 (noting a duplicate entry). Security practitioners should consult these for patch information, mitigation guidance, or workarounds specific to affected deployments. The vulnerability was published on 2025-12-29T16:15:42.483.

Details

CWE(s)
CWE-287

Affected Products

pangolin
pangolin
≤ 1.7.0

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

CVE enables unauthenticated remote exploitation of public-facing application (2FA improper authentication bypass), directly facilitating initial access and privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References