Cyber Resilience

CVE-2025-67418

CriticalPublic PoC

Published: 22 December 2025

Published
22 December 2025
Modified
02 January 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0057 42.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67418 is a critical-severity Use of Hard-coded Credentials (CWE-798) vulnerability in Oxygenz Clipbucket. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-67418 is an improper access control vulnerability in ClipBucket 5.5.2, stemming from hardcoded default administrative credentials shipped or deployed with the product. This issue, published on 2025-12-22T20:15:45.303, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-798 (Use of Hard-coded Credentials), enabling unauthorized access to the application's administrative functions.

An unauthenticated remote attacker can exploit this vulnerability by logging into the administrative panel using the default credentials, resulting in full administrative control of the ClipBucket application. No privileges, user interaction, or special conditions are required, making it highly accessible over the network with low complexity.

Mitigation guidance is available in advisories referenced at http://clipbucket.com and the detailed analysis at https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927.

EU & UK References

Vulnerability details

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full…

more

administrative control of the application.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Hardcoded default admin credentials in a public-facing web application (ClipBucket) enable exploitation of public-facing applications (T1190) and use of default accounts (T1078.001) for unauthorized remote administrative access.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21875Same product: Oxygenz Clipbucket
CVE-2026-25728Same product: Oxygenz Clipbucket
CVE-2025-21623Same product: Oxygenz Clipbucket
CVE-2025-21622Same product: Oxygenz Clipbucket
CVE-2025-21624Same product: Oxygenz Clipbucket
CVE-2026-32321Same product: Oxygenz Clipbucket
CVE-2025-9497Shared CWE-798
CVE-2023-53983Shared CWE-798
CVE-2024-8893Shared CWE-798
CVE-2022-50696Shared CWE-798

Affected Assets

oxygenz
clipbucket
5.3 — 5.5.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

IA-5 mandates management of authenticators to prohibit hardcoded or default credentials, directly preventing unauthorized administrative access via known defaults.

prevent

AC-2 requires proper account management including disabling or securing default administrative accounts, mitigating exploitation of shipped hardcoded credentials.

prevent

CM-6 enforces secure configuration settings by requiring changes to vendor default passwords and credentials, addressing the shipped improper access control.

References