CVE-2025-67418

CriticalPublic PoC

Published: 22 December 2025

Published

22 December 2025

Modified

02 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0047 64.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full…

administrative control of the application.

Mitigating Controls (NIST 800-53 r5)AI

IA-5 Authenticator Management good match

prevent

IA-5 mandates management of authenticators to prohibit hardcoded or default credentials, directly preventing unauthorized administrative access via known defaults.

AC-2 Account Management good match

prevent

AC-2 requires proper account management including disabling or securing default administrative accounts, mitigating exploitation of shipped hardcoded credentials.

CM-6 Configuration Settings good match

prevent

CM-6 enforces secure configuration settings by requiring changes to vendor default passwords and credentials, addressing the shipped improper access control.

Security SummaryAI

CVE-2025-67418 is an improper access control vulnerability in ClipBucket 5.5.2, stemming from hardcoded default administrative credentials shipped or deployed with the product. This issue, published on 2025-12-22T20:15:45.303, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-798 (Use of Hard-coded Credentials), enabling unauthorized access to the application's administrative functions.

An unauthenticated remote attacker can exploit this vulnerability by logging into the administrative panel using the default credentials, resulting in full administrative control of the ClipBucket application. No privileges, user interaction, or special conditions are required, making it highly accessible over the network with low complexity.

Mitigation guidance is available in advisories referenced at http://clipbucket.com and the detailed analysis at https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927.

Details

CWE(s): CWE-798

Affected Products

oxygenz

clipbucket

5.3 — 5.5.2

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1078.001 Default Accounts Stealth

Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

Why these techniques?

Hardcoded default admin credentials in a public-facing web application (ClipBucket) enable exploitation of public-facing applications (T1190) and use of default accounts (T1078.001) for unauthorized remote administrative access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

http://clipbucket.com
Product · cve@mitre.org
https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927
Exploit, Mitigation, Third Party Advisory · cve@mitre.org