ГлавнаяУязвимости → CVE-2025-69971
9.8критическая

CVE-2025-69971

Описание

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access.

Затрагиваемое ПО
Frangoteam Fuxa
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-helper.js