Platform: other
Component: faction
Fixed in: 1.7.2
CVE-2025-66022 describes a Remote Code Execution (RCE) vulnerability within the FACTION PenTesting Report Generation and Collaboration Framework. This vulnerability allows an unauthenticated attacker to execute arbitrary system commands on the server hosting FACTION. It affects versions of FACTION prior to 1.7.1, and a fix is available in version 1.7.1.
The impact of CVE-2025-66022 is severe. An attacker exploits it by uploading a malicious extension through the unauthenticated /portal/AppStoreDashboard endpoint; once the extension is installed, its lifecycle hooks can trigger arbitrary system command execution on the server. This gives the attacker complete control of the affected host, allowing them to steal sensitive data, install malware, or pivot to other systems on the network. Because no authentication is required, anyone who can reach the endpoint can compromise the system. The impact resembles that of other extension-based vulnerabilities in which malicious code is injected and executed with elevated privileges.
CVE-2025-66022 was publicly disclosed on 2025-11-26. Exploitation is considered highly likely because no authentication is required and uploading a malicious extension is straightforward. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. The vulnerability is not currently listed in the CISA KEV catalog, but its critical severity warrants close monitoring.
Exploit Status
EPSS: 0.81% (74th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2025-66022 is to upgrade FACTION to version 1.7.1 or later immediately. If upgrading is not immediately feasible, apply temporary workarounds: restrict access to the /portal/AppStoreDashboard endpoint with a Web Application Firewall (WAF) or reverse proxy so that unauthorized requests are blocked; review the extensions already installed for signs of compromise; monitor system and web-server logs for unusual activity related to extension installation or execution; and apply strict file access controls so that the account running FACTION has only the permissions it needs. After upgrading, confirm the fix by requesting the /portal/AppStoreDashboard endpoint without authentication and verifying that access is denied.
Update FACTION to version 1.7.1 or later. This version fixes the vulnerability that allows unauthenticated remote code execution. The update will prevent attackers from uploading malicious extensions and executing arbitrary commands on the server.
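The following script is an added example written for this advisory, not code from the FACTION project. It implements two of the defensive steps above: a log review that flags requests to the /portal/AppStoreDashboard endpoint (distinguishing accepted uploads from blocked attempts), and a post-upgrade check that an unauthenticated request to that endpoint is refused. The combined access-log format, the sample log lines, and the assumption that FACTION's login page has "login" in its path are all constructed for the example; adapt them to your own deployment.

```python
import re
from urllib.error import HTTPError
from urllib.request import HTTPRedirectHandler, Request, build_opener

# Endpoint named in the advisory for CVE-2025-66022.
APPSTORE_PATH = "/portal/AppStoreDashboard"

# Combined access-log format (assumed for this example):
# ip ident user [timestamp] "METHOD path protocol" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Nov/2025:10:15:01 +0000] "POST /portal/AppStoreDashboard HTTP/1.1" 200 512 "-" "python-requests/2.32"',
    '203.0.113.5 - - [26/Nov/2025:10:15:03 +0000] "GET /portal/Dashboard HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Nov/2025:11:02:44 +0000] "GET /portal/AppStoreDashboard?tab=installed HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string before matching
    return rec


def find_appstore_requests(lines):
    """Flag every request to the App Store endpoint and classify the server's response."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(APPSTORE_PATH):
            continue
        if rec["method"] == "POST" and 200 <= rec["status"] < 300:
            rec["verdict"] = "upload accepted"  # an extension may have been installed: investigate
        elif rec["status"] in (401, 403):
            rec["verdict"] = "blocked"          # WAF/proxy rule or the fixed version refused it
        else:
            rec["verdict"] = "review"
        hits.append(rec)
    return hits


def access_denied(status, location=None):
    """Post-upgrade check: unauthenticated access to the endpoint must be refused.

    401/403 is a clear denial. A redirect whose Location contains "login" is also
    treated as a denial (assumption: the login page path contains that word).
    """
    if status in (401, 403):
        return True
    if status in (301, 302, 303, 307, 308) and location and "login" in location.lower():
        return True
    return False


class _NoRedirect(HTTPRedirectHandler):
    """Do not follow redirects, so the original status and Location are observable."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe_unauthenticated(base_url, timeout=10):
    """Send one GET to the endpoint with no cookies or credentials; return (status, location)."""
    req = Request(base_url.rstrip("/") + APPSTORE_PATH, method="GET")
    opener = build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except HTTPError as e:  # 4xx/5xx and unfollowed 3xx arrive here
        return e.code, e.headers.get("Location")


if __name__ == "__main__":
    for h in find_appstore_requests(SAMPLE_LOG):
        print(h["ts"], h["ip"], h["method"], h["path"], h["status"], "->", h["verdict"])
    # Live check after upgrading (replace with your own server URL):
    # status, location = probe_unauthenticated("https://faction.example.internal")
    # print("fix confirmed" if access_denied(status, location) else "endpoint still reachable")
```

Run the module directly to see the sample log classified; a "upload accepted" verdict against an unauthenticated source is the event worth investigating, since it indicates an extension may have been installed through the vulnerable endpoint. The live probe deliberately sends no session cookie, which is exactly the condition the advisory says the fixed version must reject.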
CVE-2025-66022 is a critical Remote Code Execution vulnerability in FACTION versions prior to 1.7.1. An unauthenticated attacker can upload malicious extensions to execute arbitrary system commands.
You are affected if you are running FACTION version 1.7.1 or earlier. Upgrade to version 1.7.1 to mitigate the risk.
Upgrade FACTION to version 1.7.1 or later. As a temporary workaround, restrict access to the /portal/AppStoreDashboard endpoint using a WAF or proxy.
While there is no confirmed active exploitation at this time, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted.
Refer to the FACTION project's official website or security advisory page for the latest information and updates regarding CVE-2025-66022.