CVE-2025-67397

9.1 CRITICAL

📋 TL;DR

CVE-2025-67397 is a command injection vulnerability in Passy v1.6.3 that allows authenticated remote attackers to execute arbitrary commands on affected systems. It affects organizations running this version of Passy for password management or similar functions. Attackers can gain full control of vulnerable systems through crafted HTTP requests.

💻 Affected Systems

Products:
  • Passy
Versions: v1.6.3
Operating Systems: All platforms running Passy
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Passy application interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, lateral movement, ransomware deployment, and persistent backdoor installation.

🟠 Likely Case

Attacker gains shell access to execute commands, potentially stealing credentials, installing malware, or disrupting services.

🟢 If Mitigated

Limited impact due to network segmentation, minimal privileges, and proper input validation preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but uses simple HTTP request manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.passy.it/

Restart Required: No

Instructions:

1. Check the Passy website for security updates.
2. Upgrade to the patched version when available.
3. Apply the workarounds below immediately.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Implement strict input validation to block command injection payloads.

# Configure web application firewall rules to block suspicious patterns
# Implement parameter validation in application code

Network Segmentation (applies to: all platforms)

Isolate Passy instances from critical systems.

# Configure firewall rules to restrict Passy network access
# Use VLANs or network zones to separate Passy from sensitive systems

🧯 If You Can't Patch

  • Disable or restrict access to Passy application interfaces
  • Implement strict network controls and monitor for suspicious HTTP requests

🔍 How to Verify

Check if Vulnerable:

Check if running Passy v1.6.3 by examining version information in application interface or configuration files.

Check Version:

Check Passy web interface or configuration files for version information

Verify Fix Applied:

Verify upgrade to version above v1.6.3 when patch becomes available.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in system logs
  • Suspicious HTTP requests containing shell metacharacters
  • Authentication logs showing unexpected access patterns

Network Indicators:

  • HTTP requests with command injection payloads to Passy endpoints
  • Outbound connections from Passy server to unexpected destinations

SIEM Query:

source="web_logs" AND (url="*passy*" AND (request="*;*" OR request="*|*" OR request="*`*" OR request="*$(*"))
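The SIEM query above matches the four shell metacharacter indicators literally, so a URL-encoded request (for example `%7C` for `|`) slips past it. The following is an added example, not part of the original advisory or of the Passy project, that applies the same rule to constructed web-server log lines and shows why the request should be URL-decoded before matching. The log format, client addresses and `/passy/...` paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic). The third line
# carries the same metacharacter as the second, but percent-encoded.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /passy/vault HTTP/1.1" 200',
    '10.0.0.9 - - [01/Jan/2025:10:00:07 +0000] "POST /passy/api/export?name=report;x HTTP/1.1" 200',
    '10.0.0.9 - - [01/Jan/2025:10:00:09 +0000] "POST /passy/api/export?name=report%7Cx HTTP/1.1" 200',
    '10.0.0.7 - - [01/Jan/2025:10:00:12 +0000] "GET /other/app?q=a;b HTTP/1.1" 200',
]

# The four indicators from the advisory's SIEM query: ; | ` and $(
META_PATTERN = re.compile(r"[;|`]|\$\(")

# Extracts the request target from the quoted "METHOD path HTTP/x.y" field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')


def request_url(line):
    """Return the request URL from one log line, or None if it cannot be parsed."""
    m = REQUEST_RE.search(line)
    return m.group("url") if m else None


def is_suspicious(line, decode=True):
    """Apply the advisory's rule: URL mentions passy AND contains a metacharacter.

    With decode=True the URL is percent-decoded first, so encoded
    metacharacters are caught; decode=False mirrors the literal SIEM query.
    """
    url = request_url(line)
    if url is None or "passy" not in url.lower():
        return False
    target = unquote(url) if decode else url
    return META_PATTERN.search(target) is not None


def find_suspicious(lines, decode=True):
    """Return the log lines that the rule flags."""
    return [line for line in lines if is_suspicious(line, decode)]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOGS):
        print("FLAGGED:", hit)
```

Running the literal rule (`decode=False`) over the same sample flags only the second line; decoding first also catches the percent-encoded third line, while the non-Passy request on the fourth line stays excluded in both modes.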
