Cybersecurity Vulnerabilities

CVE-2025-66022: Critical RCE Threat in FACTION PenTesting Framework – Upgrade Now!

November 26, 2025 - By 

Overview

CVE-2025-66022 identifies a critical remote code execution (RCE) vulnerability in FACTION, a PenTesting Report Generation and Collaboration Framework. This vulnerability allows unauthenticated attackers to execute arbitrary system commands on the server hosting FACTION. The issue stems from a combination of missing authentication and a vulnerable extension execution path.

Technical Details

Prior to version 1.7.1, FACTION’s extension framework contains a flaw that allows untrusted extension code to execute arbitrary system commands when a lifecycle hook is triggered. The core issue is the lack of proper input validation and sanitization when handling extensions.

Crucially, the /portal/AppStoreDashboard endpoint, responsible for extension management, lacks an authentication check. This means an unauthenticated attacker can access the extension management UI and upload a malicious extension without needing any valid credentials. Once uploaded and a lifecycle hook is invoked, the attacker-controlled extension code executes arbitrary commands with the privileges of the FACTION application, leading to full remote code execution on the server.

CVSS Analysis

  • Severity: CRITICAL
  • CVSS Score: 9.6

This vulnerability has been assigned a CVSS score of 9.6, classifying it as CRITICAL. This high score reflects the ease of exploitation (no authentication required), the severity of the impact (full system compromise), and the potential for widespread damage.

Possible Impact

Successful exploitation of CVE-2025-66022 can have devastating consequences, including:

  • Full System Compromise: Attackers can gain complete control of the server hosting FACTION.
  • Data Breach: Sensitive data stored within the FACTION framework or accessible from the compromised server could be stolen.
  • Service Disruption: Attackers could disrupt the operation of FACTION, preventing legitimate users from accessing and utilizing the platform.
  • Lateral Movement: A compromised FACTION instance could be used as a launching pad to attack other systems on the same network.

Mitigation or Patch Steps

The vulnerability has been patched in FACTION version 1.7.1. It is strongly recommended that all users upgrade to version 1.7.1 or later immediately. This update includes the necessary authentication checks and input validation to prevent exploitation of CVE-2025-66022.

Steps to mitigate the risk:

  1. Upgrade FACTION: Upgrade to version 1.7.1 or a later version immediately.
  2. Verify Upgrade: After the upgrade, ensure that the /portal/AppStoreDashboard endpoint requires authentication.
  3. Monitor Logs: Monitor FACTION’s logs for any suspicious activity related to extension uploads or execution.

References

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *