8.1
CVE-2025-11290
- EPSS 0.36%
- Veröffentlicht 05.10.2025 11:32:04
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginCRMEB JWT HMAC Secret hard-coded key
A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of hard-coded cryptographic key . It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.278 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 2.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-321 Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
https://vuldb.com/?id.327171
https://vuldb.com/?ctiid.327171
https://vuldb.com/?submit.659843