CVE-2025-7079 | mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret hard-coded password (Issue 35)

A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password.

The identification of this vulnerability is CVE-2025-7079. The attack may be initiated remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More