CVE-2025-14651 | MartialBE one-hub up to 0.14.27 docker-compose.yml SESSION_SECRET hard-coded key (Issue 872)

A vulnerability was found in MartialBE one-hub up to 0.14.27. It has been classified as critical. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use of hard-coded cryptographic key
.

This vulnerability is listed as CVE-2025-14651. The attack may be initiated remotely. In addition, an exploit is available.

It is recommended to change the configuration settings.

The code maintainer recommends (translated from Chinese): “The default docker-compose example file is not recommended for production use. If you intend to use it in production, please carefully check and modify every configuration and environment variable yourself!”

CVE-2025-14651 | MartialBE one-hub up to 0.14.27 docker-compose.yml SESSION_SECRET hard-coded key (Issue 872)

Post correlati

CVE-2025-58840 | Ibnul H. Custom Team Manager Plugin up to 2.4.2 on WordPress cross site scripting

CVE-2025-9610 | code-projects Online Event Judging System 1.0 /create_account.php fname sql injection

CVE-2023-49298 | OpenZFS up to 2.1.13/2.2.1 /etc/hosts.deny access control (ID 15526)

CVE-2023-52132 | Jewel Theme WP Adminify Plugin up to 3.1.6 on WordPress sql injection