CVE-2025-56333

CriticalPublic PoC

Published: 29 December 2025

Published

29 December 2025

Modified

07 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0032 54.7th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-56333 is a critical-severity Improper Authentication (CWE-287) vulnerability in Pangolin Pangolin. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely flaw remediation directly prevents exploitation of the improper authentication vulnerability in the 2FA component of Fossorial fosrl/pangolin.

IA-5 Authenticator Management good match

prevent

Authenticator management ensures robust handling and strength of 2FA mechanisms, countering the CWE-287 improper authentication leading to privilege escalation.

AC-6 Least Privilege partial match

prevent

Least privilege enforcement limits the impact and scope of privilege escalation even if the 2FA authentication bypass succeeds.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

CVE enables unauthenticated remote exploitation of public-facing application (2FA improper authentication bypass), directly facilitating initial access and privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component

Deeper analysisAI

CVE-2025-56333 is a critical vulnerability affecting Fossorial fosrl/pangolin versions 1.6.2 and prior. The issue resides in the 2FA component, enabling improper authentication as classified under CWE-287. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for complete confidentiality, integrity, and availability impacts without requiring privileges or user interaction.

A remote attacker can exploit this vulnerability over the network with low complexity. No prior authentication or user involvement is needed, allowing unauthenticated exploitation that results in privilege escalation. Successful attacks grant high-level access, potentially compromising the entire system.

Advisories and further details are available in the provided references, including the project repository at https://github.com/fosrl/pangolin and a Gist at https://gist.github.com/mrdgef/ef6fa41d69c0457874414c163d7d7d75 (noting a duplicate entry). Security practitioners should consult these for patch information, mitigation guidance, or workarounds specific to affected deployments. The vulnerability was published on 2025-12-29T16:15:42.483.