CVE-2025-11290 | CRMEB up to 5.6.1 JWT HMAC Secret secret hard-coded key
A vulnerability was found in CRMEB up to 5.6.1 and classified as critical. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with the input default leads to use of a hard-coded cryptographic key.
This vulnerability is referenced as CVE-2025-11290. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
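A deployment-side guard against this weakness class, as an added example (not CRMEB code and not part of the advisory): it audits a configured JWT HMAC secret, refuses to start with the hard-coded value, and generates a replacement. Only the value `default` comes from the advisory; the environment variable name `JWT_HMAC_SECRET`, the 32-byte minimum and the 128-bit entropy threshold are assumptions.

```python
import math
import secrets
from collections import Counter

# The advisory names "default" as the hard-coded value of the `secret` argument.
HARD_CODED_VALUES = {"default"}
MIN_SECRET_BYTES = 32    # assumption: HMAC-SHA256, key at least the digest size
MIN_ENTROPY_BITS = 128   # assumption: rough floor for the estimate below


class WeakJwtSecret(ValueError):
    """Raised when the configured JWT HMAC secret must not be used."""


def shannon_bits(value):
    """Total empirical Shannon entropy of the string, in bits (a rough estimate)."""
    if not value:
        return 0.0
    n = len(value)
    per_char = -sum(c / n * math.log2(c / n) for c in Counter(value).values())
    return per_char * n


def audit_secret(secret):
    """Return the reasons a secret is unacceptable; an empty list means it passed."""
    if not secret:
        return ["secret is not set"]
    findings = []
    if secret.strip().lower() in HARD_CODED_VALUES:
        findings.append("secret is the hard-coded value from the advisory")
    if len(secret.encode("utf-8")) < MIN_SECRET_BYTES:
        findings.append("secret is shorter than %d bytes" % MIN_SECRET_BYTES)
    if shannon_bits(secret) < MIN_ENTROPY_BITS:
        findings.append("secret has low estimated entropy")
    return findings


def load_jwt_secret(env, name="JWT_HMAC_SECRET"):
    """Fail closed: return key bytes only if the audit passes (variable name is hypothetical)."""
    secret = env.get(name)
    findings = audit_secret(secret)
    if findings:
        raise WeakJwtSecret("; ".join(findings))
    return secret.encode("utf-8")


def new_secret():
    """Generate a replacement secret: 32 bytes from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(32)
```

Replacing the secret invalidates every token signed with the old value, so sessions issued before the rotation have to be re-established.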