CVE-2025-65730 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication.
High CVSS: 8.8

CVE-2025-65730

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication.
Vendor
Pommee
Product
Goaway
CWE
CWE-798
Yayın Tarihi
2025-12-05 16:15:50
Güncelleme
2025-12-11 18:01:50
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-798 Goaway HIGH Pommee 2025

Referanslar

https://github.com/gian2dchris/CVEs/tree/CVE-2025-65730/CVE-2025-65730 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/auth.go#L48 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L110 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L15 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L40 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L69 https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L88 https://github.com/pommee/goaway/commit/5769f8782b7453ca1c22a201b224b5ce48532f64#diff-4ddfd6cf1311ddfd45734bb1dc53bc208df69584ba92ac4f38866bd558434678L15-L40 https://github.com/pommee/goaway/releases/tag/v0.62.16