CVE-2025-56332
Published: 30 December 2025
Summary
CVE-2025-56332 is a critical-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in fosrl/pangolin (Pangolin). Its CVSS v3.1 base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 32.7th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- CM-6 (Configuration Settings): directly mitigates insecure default configurations in fosrl/pangolin by requiring the establishment, documentation, and enforcement of secure configuration settings for system components.
- AC-14 (Permitted Actions Without Identification or Authentication): limits and documents the actions permitted without identification or authentication, so that an authentication bypass cannot reach Pangolin resources that were never meant to be anonymously accessible.
- AC-3 (Access Enforcement): enforces approved access authorizations and policies at the point of access, countering authentication-bypass flaws that would otherwise grant logical access to sensitive resources.
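To make the difference between these controls concrete, here is an added illustration (hypothetical code written for this page, not fosrl/pangolin's, and not a description of the actual flaw, whose specifics the advisory does not give) of how an insecure default (CWE-1188) turns a configuration key an operator never set into an authentication bypass, and how a fail-closed default with an explicit AC-14 allowlist and AC-3 grants avoids it. The `Request` type, the configuration keys (`require_auth`, `unauthenticated_allow`, `grants`), and the sample requests are all assumptions made for the example.

```python
"""Added illustration of a fail-closed access gate (NIST AC-14 / AC-3) versus an
insecure default (CWE-1188).  Hypothetical code; not fosrl/pangolin's."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    user: Optional[str]  # None when no valid session or token was presented


# Hypothetical configuration shape (not Pangolin's). "require_auth" is absent,
# exactly as an operator who never touched that setting would leave it.
CFG_OPERATOR = {
    "unauthenticated_allow": {("GET", "/healthz")},      # AC-14 allowlist
    "grants": {"alice": {("GET", "/api/resources")}},     # AC-3 authorizations
}

# The only difference between the two gates is what a missing key means.
INSECURE_DEFAULTS = {"require_auth": False}   # CWE-1188: absent setting -> open
SECURE_DEFAULTS = {"require_auth": True}      # absent setting -> fail closed


def decide(cfg: dict, req: Request, defaults: dict) -> str:
    """Return 'allow' or 'deny' for req under cfg, filling gaps from defaults."""
    require_auth = cfg.get("require_auth", defaults["require_auth"])
    allow_unauth = cfg.get("unauthenticated_allow", set())
    grants = cfg.get("grants", {})
    action = (req.method, req.path)
    if req.user is None:
        if not require_auth:
            return "allow"  # reachable only through the insecure default
        # AC-14: anonymous callers get exactly the documented actions, nothing else.
        return "allow" if action in allow_unauth else "deny"
    # AC-3: authenticated callers need an explicit grant; anything else is denied.
    return "allow" if action in grants.get(req.user, set()) else "deny"


def insecure_decide(cfg: dict, req: Request) -> str:
    return decide(cfg, req, INSECURE_DEFAULTS)


def secure_decide(cfg: dict, req: Request) -> str:
    return decide(cfg, req, SECURE_DEFAULTS)


def unset_security_keys(cfg: dict) -> list:
    """Config audit: security-relevant keys whose value is coming from a default."""
    return sorted(k for k in ("require_auth", "unauthenticated_allow", "grants")
                  if k not in cfg)


if __name__ == "__main__":
    anon = Request("GET", "/api/resources", None)
    print("insecure default:", insecure_decide(CFG_OPERATOR, anon))      # allow
    print("fail-closed:     ", secure_decide(CFG_OPERATOR, anon))        # deny
    print("relying on defaults:", unset_security_keys(CFG_OPERATOR))     # ['require_auth']
```

The audit helper is the check worth carrying over to a real deployment: any security-relevant setting that is absent from the operator's configuration is being decided by the shipped default, and that default, not the operator's intent, is what an attacker gets to test.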
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
CVE-2025-56332 is an authentication bypass in a network-accessible service (AV:N/PR:N), directly enabling exploitation of a public-facing application for unauthorized access.
NVD Description
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration
Deeper analysis
CVE-2025-56332 is an authentication bypass vulnerability in fosrl/pangolin versions v1.6.2 and prior, caused by an insecure default configuration. This flaw allows attackers to access Pangolin resources without proper authentication.
The vulnerability carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N): it is exploitable by unauthenticated attackers over the network with low attack complexity and no user interaction. Successful exploitation has high confidentiality and integrity impact, enabling unauthorized access to and potential modification of sensitive Pangolin resources, while availability is unaffected. Scope is unchanged (S:U), so the rated impact is confined to the vulnerable component itself; anything reachable beyond it through Pangolin's own access would need to be assessed separately. The weakness is classified as CWE-1188 (Initialization of a Resource with an Insecure Default).
Mitigation guidance and additional details are available in advisories at https://gist.github.com/mrdgef/ef6fa41d69c0457874414c163d7d7d75 and the project repository https://github.com/fosrl/pangolin.
Details
- CWE(s): CWE-1188 (Initialization of a Resource with an Insecure Default)