CVE-2025-5164 | PerfreeBlog 4.0.11 JWT JwtUtil hard-coded key

Inserito da Angelo Barbosa | Mag 25, 2025 | CVE

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key
.

This vulnerability was named CVE-2025-5164. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5164 | PerfreeBlog 4.0.11 JWT JwtUtil hard-coded key

Post correlati

CVE-2024-35837 | Linux Kernel up to 5.10.209/5.15.148/6.1.75/6.6.14/6.7.2 mvpp2 initialization

CVE-2024-38473 | Apache HTTP Server up to 2.4.59 Proxy Encoding encoding error

CVE-2023-39683 | EasyEmail up to 4.12.2 cross site scripting

CVE-2023-48644 | Archibus app 4.0.3 on iOS Create Work Request description cross site scripting