CVE-2025-41702 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 token…
Critical CVSS: 9.8

CVE-2025-41702

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.
Vendor
-
Product
-
CWE
CWE-321
Yayın Tarihi
2025-08-26 06:15:32
Güncelleme
2025-08-26 13:41:58
Source Identifier
info@cert.vde.com
KEV Date Added
-

Kategoriler

CWE-321 CRITICAL 2025

Referanslar

https://certvde.com/de/advisories/VDE-2025-076