CVE-2025-67418

CRITICAL

Oxygenz Clipbucket < 5.5.2 - Hard-coded Credentials

Title source: rule

Description

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.

References (2)

[Product] http://clipbucket.com

[Exploit, Mitigation, Third Party Advisory] https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927

Scores

CVSS v3 9.8

EPSS 0.0040

EPSS Percentile 60.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-798

Status published

Affected Products (1)

oxygenz/clipbucket < 5.5.2

Timeline

Published Dec 22, 2025

Tracked Since Feb 18, 2026