CVE-2025-67397

Severity: CRITICAL
Published: 2026-01-05 ([email protected])
Base score: 9.1 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
CVE Published: Jan 05, 2026 - 19:15 (nvd)

Description

An issue in Passy v1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection.

Analysis

The Passy v1.6.3 password manager allows authenticated administrators to execute arbitrary OS commands via crafted HTTP requests. The scope change (S:C) from the application to the host OS is what makes this critical despite the high privileges required (PR:H).

Technical Context

An authenticated admin can inject commands through a specific HTTP request parameter (CWE-77, improper neutralization of special elements used in a command); the advisory does not name the parameter. The changed scope indicates that command execution breaks out of the Passy application and into the host OS, so the impact is bounded by the OS privileges of the account running Passy rather than by the application's own authorization model. Compromising the host of a password manager exposes every credential it stores.

Affected Products

Passy v1.6.3

Remediation

Update Passy once a fixed version is available (no patched version is listed here). Restrict administrative access to trusted users and networks, since exploitation requires admin privileges. Monitor the Passy server for unusual HTTP requests, especially those issued from administrative sessions.

Priority Score

46 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.1
CVSS: +46
POC: 0


CVE-2025-67397 vulnerability details – vuln.today
