CVE-2025-67418

CRITICAL

Oxygenz Clipbucket < 5.5.2 - Hard-coded Credentials

Title source: rule

Description

ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.

References (2)

[Product] http://clipbucket.com

[Exploit, Mitigation, Third Party Advisory] https://medium.com/@arpit03sharma2003/cve-2025-67418-when-default-credentials-become-a-remote-root-button-03be5ee4b927

Scores

CVSS v3 9.8

EPSS 0.0047

EPSS Percentile 64.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

oxygenz/clipbucket 5.3 - 5.5.2

Published Dec 22, 2025

Tracked Since Feb 18, 2026