ГлавнаяУязвимости → CVE-2025-27845
9.8критическая

CVE-2025-27845

Описание

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://espec.comhttps://espec.com/na/about/detail/cve_2025_27845