Critical CVSS: 9.1 CVE-2025-67397 An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection.