CVE-2025-7080 | Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret hard-coded password

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password.

This vulnerability is traded as CVE-2025-7080. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

CVE-2025-7080 | Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret hard-coded password

Post correlati

CVE-2024-45310 | opencontainers runc up to 1.1.13/1.2.0-rc2 os.MkdirAll race condition

CVE-2024-0046 | Google Android InstallPackageHelper.java installExistingPackageAsUser logic error

CVE-2024-6951 | SourceCodester Simple Online Book Store System 1.0 admin_delete.php bookisbn sql injection

CVE-2024-24059 | springboot-manager 1.6 unrestricted upload