CVE-2025-5164

Medium CVSS: 6.3

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key
. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Perfree

Product

Perfreeblog

CWE

CWE-320

Yayın Tarihi

2025-05-26 03:15:35

Güncelleme

2025-06-03 15:39:48

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-320 Perfreeblog MEDIUM Perfree 2025

Referanslar

https://github.com/147536951/Qiany1/blob/main/Perfreeblog_3.pdf https://vuldb.com/?ctiid.310252 https://vuldb.com/?id.310252 https://vuldb.com/?submit.576433 https://github.com/147536951/Qiany1/blob/main/Perfreeblog_3.pdf

Benzer Kayıtlar

Medium

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttac…

High

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function

High

CVE-2025-60735

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

Medium

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

High

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

High

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.