CVE-2025-67418CRITICAL 9.8EPSS p42.8%

CVE-2025-67418CVE-2025-67418

Description

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.57% probability of exploitation · percentile 42.8% · 2026-06-19T12:03:05Z
Published2025-12-22
Last modified2026-01-02

Underlying weaknesses· 1

CWE-798

References

  1. http://clipbucket.com
  2. https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927

1

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Credentialscwe-7980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-64338
CVE
CVE-2025-1393
CVE
CVE-2026-32321
CVE
CVE-2025-63747
CVE
CVE-2025-52159
CVE
CVE-2025-21624
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.