CVE-2025-15107 | actiontech sqle up to 4.2511.0 JWT Secret sqle/utils/jwt.go JWTSecretKey hard-coded key (Issue 3186)

Uncategorized
Yanac

A vulnerability classified as problematic has been found in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key
.

This vulnerability is uniquely identified as CVE-2025-15107. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release.VulDB Recent EntriesRead More