What is the CVSS score of CVE-2025-67586?

CVE-2025-67586 has a CVSS 3.1 base score of 4.7 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 1.7%.

Is there a public PoC exploit available for CVE-2025-67586?

Yes, a public proof-of-concept exploit is available for CVE-2025-67586. Prioritise patching immediately. EPSS: 1.7%.

Ronald Huereca Highlight CVE-2025-67586

MEDIUM

Missing Authorization (CWE-862)

2025-12-09 audit@patchstack.com

Authentication Bypass

4.7

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

4.7 MEDIUM

AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

DescriptionCVE.org

Missing Authorization vulnerability in Ronald Huereca Highlight and Share highlight-and-share allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Highlight and Share: from n/a through <= 5.2.0.

Analysis

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862).

Affected ProductsAI

Affected: Ronald Huereca Highlight and Share highlight-and-share

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2025-67586 vulnerability details – vuln.today

Back