CVE-2025-7080 | Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret hard-coded password

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password.

This vulnerability is traded as CVE-2025-7080. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

CVE-2025-7080 | Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret hard-coded password

Post correlati

CVE-2024-8376 | Eclipse Mosquitto up to 2.0.18 Packet memory leak

CVE-2025-31918 | quantumcloud Simple Business Directory Pro Plugin up to 15.4.8 on WordPress privileges assignment

CVE-2023-50240 | LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623 Realtek rtl819x Jungle SDK set_RadvdInterfaceParam stack-based overflow (TALOS-2023-1893)

CVE-2024-23479 | SolarWinds Access Rights Manager up to 2023.2.2 path traversal