A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input
bluebell-plus
leads to use of hard-coded password.
The identification of this vulnerability is CVE-2025-7079. The attack may be initiated remotely. Furthermore, there is an exploit available.