CVE-2025-15108 | PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 JWT Secret config.yml key hard-coded key

A vulnerability classified as problematic was found in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded cryptographic key
.

This vulnerability was named CVE-2025-15108. The attack may be performed from remote. In addition, an exploit is available.

This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More