CVE-2025-67397

Critical CVSS: 9.1

An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection.

Vendor

Passy

Product

Passy

CWE

CWE-77

Yayın Tarihi

2026-01-05 19:15:56

Güncelleme

2026-01-22 21:12:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-77 Passy CRITICAL Passy 2026

Referanslar

https://github.com/giulioschiavone/Vulnerability-Research/tree/main/CVE-2025-67397 https://www.passy.it/