CWE-547

Use of Hard-coded, Security-relevant Constants

The product uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.

CVE-2019-14837 (GCVE-0-2019-14837)
Vulnerability from cvelistv5
Published
2020-01-07 16:33
Modified
2024-08-05 00:26
Severity ?
CWE
Summary
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be 'service-account-test@placeholder.org'.
Impacted products
Vendor Product Version
Red Hat keycloak Version: before 8.0.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.jboss.org/browse/KEYCLOAK-10780"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "keycloak",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "before 8.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in keycloack before version 8.0.0. The owner of \u0027placeholder.org\u0027 domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name \u0027test\u0027 the email address will be \u0027service-account-test@placeholder.org\u0027."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-07T16:33:21",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14837"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.jboss.org/browse/KEYCLOAK-10780"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/keycloak/keycloak/commit/9a7c1a91a59ab85e7f8889a505be04a71580777f"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14837",
    "datePublished": "2020-01-07T16:33:21",
    "dateReserved": "2019-08-10T00:00:00",
    "dateUpdated": "2024-08-05T00:26:39.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1712 (GCVE-0-2023-1712)
Vulnerability from cvelistv5
Published
2023-03-30 00:00
Modified
2025-02-11 20:14
Severity ?
CWE
  • CWE-547 - Use of Hard-coded, Security-relevant Constants
Summary
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.
Impacted products
Vendor Product Version
deepset-ai deepset-ai/haystack Version: unspecified   < 0.1.30
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:57:24.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/9a6b1fb4-ec9b-4cfa-af1e-9ce304924829"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/deepset-ai/haystack/commit/5fc84904f198de661d5b933fde756aa922bf09f1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1712",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T20:14:34.246401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T20:14:55.996Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "deepset-ai/haystack",
          "vendor": "deepset-ai",
          "versions": [
            {
              "lessThan": "0.1.30",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547 Use of Hard-coded, Security-relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-30T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/9a6b1fb4-ec9b-4cfa-af1e-9ce304924829"
        },
        {
          "url": "https://github.com/deepset-ai/haystack/commit/5fc84904f198de661d5b933fde756aa922bf09f1"
        }
      ],
      "source": {
        "advisory": "9a6b1fb4-ec9b-4cfa-af1e-9ce304924829",
        "discovery": "EXTERNAL"
      },
      "title": "Use of Hard-coded, Security-relevant Constants in deepset-ai/haystack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-1712",
    "datePublished": "2023-03-30T00:00:00.000Z",
    "dateReserved": "2023-03-30T00:00:00.000Z",
    "dateUpdated": "2025-02-11T20:14:55.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-32021 (GCVE-0-2024-32021)
Vulnerability from cvelistv5
Published
2024-05-14 19:15
Modified
2025-02-13 17:52
CWE
  • CWE-547 - Use of Hard-coded, Security-relevant Constants
Summary
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning will be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.
Impacted products
Vendor Product Version
git git Version: = 2.45.0
Version: = 2.44.0
Version: >= 2.43.0, < 2.43.4
Version: >= 2.42.0, < 2.42.2
Version: = 2.41.0
Version: >= 2.40.0, < 2.40.2
Version: < 2.39.4
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:git:git:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "git",
            "vendor": "git",
            "versions": [
              {
                "lessThan": "2.39.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.40.2",
                "status": "affected",
                "version": "2.40.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.41.1",
                "status": "affected",
                "version": "2.41.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.42.2",
                "status": "affected",
                "version": "2.42.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.43.4",
                "status": "affected",
                "version": "2.43.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.44.1",
                "status": "affected",
                "version": "2.44.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.45.1",
                "status": "affected",
                "version": "2.45.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32021",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-11T20:29:23.147248Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-11T20:39:28.890Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:59:50.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "git",
          "vendor": "git",
          "versions": [
            {
              "status": "affected",
              "version": "= 2.45.0"
            },
            {
              "status": "affected",
              "version": "= 2.44.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.43.0, \u003c 2.43.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.42.0, \u003c 2.42.2"
            },
            {
              "status": "affected",
              "version": "= 2.41.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.40.0, \u003c 2.40.2"
            },
            {
              "status": "affected",
              "version": "\u003c 2.39.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository\u0027s `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning\nwill be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547: Use of Hard-coded, Security-relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-26T10:05:54.295Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html"
        }
      ],
      "source": {
        "advisory": "GHSA-mvxm-9j2h-qjx7",
        "discovery": "UNKNOWN"
      },
      "title": "Local Git clone may hardlink arbitrary user-readable files into the new repository\u0027s \"objects/\" directory"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-32021",
    "datePublished": "2024-05-14T19:15:28.534Z",
    "dateReserved": "2024-04-09T15:29:35.937Z",
    "dateUpdated": "2025-02-13T17:52:05.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39888 (GCVE-0-2024-39888)
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2025-05-01 03:55
CWE
  • CWE-547 - Use of Hard-coded, Security-relevant Constants
Summary
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised.
Impacted products
Vendor Product Version
Siemens Mendix Encryption Version: V10.0.0   < V10.0.2
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:siemens:mendix_encryption:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mendix_encryption",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V10.0.2",
                "status": "affected",
                "version": "V10.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39888",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": ""
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-01T03:55:22.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-998949.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Mendix Encryption",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.0.2",
              "status": "affected",
              "version": "V10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Mendix Encryption (All versions \u003e= V10.0.0 \u003c V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified.\r\n\r\nThis could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547: Use of Hard-coded, Security-relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-09T12:05:35.455Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-998949.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-39888",
    "datePublished": "2024-07-09T12:05:35.455Z",
    "dateReserved": "2024-07-02T14:00:15.330Z",
    "dateUpdated": "2025-05-01T03:55:22.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41885 (GCVE-0-2024-41885)
Vulnerability from cvelistv5
Published
2024-12-24 05:27
Modified
2024-12-24 15:24
CWE
  • CWE-547 - Use of Hard-coded, Security-relevant Constants
Summary
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
Impacted products
Vendor Product Version
Hanwha Vision Co., Ltd. XRN-420S Version: 5.01.62 and prior versions
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-24T15:24:43.632686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-24T15:24:55.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "XRN-420S",
          "vendor": "Hanwha Vision Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "5.01.62 and prior versions"
            }
          ]
        }
      ],
      "datePublic": "2024-12-24T05:24:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eTeam ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;The seed string for the encrypt key was hardcoding.\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR.\u00a0The seed string for the encrypt key was hardcoding.\u00a0The manufacturer has released patch firmware for the flaw, please refer to the manufacturer\u0027s report for details and workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547 Use of Hard-coded, Security-relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-24T05:27:39.718Z",
        "orgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
        "shortName": "Hanwha_Vision"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hanwhavision.com/wp-content/uploads/2024/12/NVR-Vulnerability-Report-CVE-2024-4188241887.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Hardcoding sensitive information",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "fc9afe74-3f80-4fb7-a313-e6f036a89882",
    "assignerShortName": "Hanwha_Vision",
    "cveId": "CVE-2024-41885",
    "datePublished": "2024-12-24T05:27:39.718Z",
    "dateReserved": "2024-07-23T00:24:03.861Z",
    "dateUpdated": "2024-12-24T15:24:55.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2079 (GCVE-0-2025-2079)
Vulnerability from cvelistv5
Published
2025-03-13 16:55
Modified
2025-03-13 18:49
CWE
  • CWE-547 - Use of Hard-Coded, Security-Relevant Constants
Summary
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.
References
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2079",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T18:49:38.525761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T18:49:46.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Visual BACnet Capture Tool",
          "vendor": "Optigo Networks",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.2rc11"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Optigo Visual Networks Capture Tool",
          "vendor": "Optigo Networks",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.2rc11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tomer Goldschmidt of Claroty Team82"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOptigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This could allow an attacker to generate valid JWT (JSON Web Token) sessions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547 Use of Hard-Coded, Security-Relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-13T16:55:27.567Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOptigo Networks recommends users to upgrade to the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVisual BACnet Capture Tool: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet\"\u003eVersion v3.1.3rc8\u003c/a\u003e\u003c/li\u003e\u003cli\u003eOptigo Visual Networks Capture Tool: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks\"\u003eVersion v3.1.3rc8\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Optigo Networks recommends users to upgrade to the following:\n\n  *  Visual BACnet Capture Tool:  Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n  *  Optigo Visual Networks Capture Tool:  Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-2079",
    "datePublished": "2025-03-13T16:55:27.567Z",
    "dateReserved": "2025-03-06T22:01:46.732Z",
    "dateUpdated": "2025-03-13T18:49:46.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2081 (GCVE-0-2025-2081)
Vulnerability from cvelistv5
Published
2025-03-13 17:00
Modified
2025-03-13 18:42
CWE
  • CWE-547 - Use of Hard-Coded, Security-Relevant Constants
Summary
Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.
References
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2081",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-13T18:42:48.492300Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T18:42:58.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Visual BACnet Capture Tool",
          "vendor": "Optigo Networks",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.2rc11"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Optigo Visual Networks Capture Tool",
          "vendor": "Optigo Networks",
          "versions": [
            {
              "status": "affected",
              "version": "3.1.2rc11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tomer Goldschmidt of Claroty Team82"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eOptigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547 Use of Hard-Coded, Security-Relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-13T17:00:03.146Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-070-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOptigo Networks recommends users to upgrade to the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVisual BACnet Capture Tool: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet\"\u003eVersion v3.1.3rc8\u003c/a\u003e\u003c/li\u003e\u003cli\u003eOptigo Visual Networks Capture Tool: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks\"\u003eVersion v3.1.3rc8\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Optigo Networks recommends users to upgrade to the following:\n\n  *  Visual BACnet Capture Tool:  Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/360011386412-Capture-Tool-Software-Visual-BACnet \n  *  Optigo Visual Networks Capture Tool:  Version v3.1.3rc8 https://optigo.zendesk.com/hc/en-us/sections/20125604316813-Capture-Tool-Software-Optigo-Visual-Networks"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-2081",
    "datePublished": "2025-03-13T17:00:03.146Z",
    "dateReserved": "2025-03-06T22:01:49.726Z",
    "dateUpdated": "2025-03-13T18:42:58.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-23253 (GCVE-0-2025-23253)
Vulnerability from cvelistv5
Published
2025-04-22 18:45
Modified
2025-04-22 18:55
CWE
  • CWE-547 - Use of Hard-coded, Security-relevant Constants
Summary
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
Impacted products
Vendor Product Version
NVIDIA NVIDIA App Version: All versions up to and including 11.0.2.337 (prod2 hotfix)
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23253",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T18:53:59.464030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T18:55:57.135Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "NVIDIA App",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions up to and including 11.0.2.337 (prod2 hotfix)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."
            }
          ],
          "value": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, denial of service, escalation of privileges, information disclosure, or data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547 Use of Hard-coded, Security-relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-22T18:47:30.483Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5644"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-23253",
    "datePublished": "2025-04-22T18:45:57.735Z",
    "dateReserved": "2025-01-14T01:06:22.262Z",
    "dateUpdated": "2025-04-22T18:55:57.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30206 (GCVE-0-2025-30206)
Vulnerability from cvelistv5
Published
2025-04-15 19:14
Modified
2025-04-15 19:58
Severity ?
CWE
  • CWE-321 - Use of Hard-coded Cryptographic Key
  • CWE-453 - Insecure Default Variable Initialization
  • CWE-547 - Use of Hard-coded, Security-relevant Constants
Summary
Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage.
Impacted products
Vendor Product Version
donknap dpanel Version: < 1.6.1
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30206",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T19:58:33.579367Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T19:58:52.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dpanel",
          "vendor": "donknap",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321: Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-453",
              "description": "CWE-453: Insecure Default Variable Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547: Use of Hard-coded, Security-relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T19:14:41.450Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847"
        }
      ],
      "source": {
        "advisory": "GHSA-j752-cjcj-w847",
        "discovery": "UNKNOWN"
      },
      "title": "Dpanel\u0027s hard-coded JWT secret leads to remote code execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-30206",
    "datePublished": "2025-04-15T19:14:41.450Z",
    "dateReserved": "2025-03-18T18:15:13.849Z",
    "dateUpdated": "2025-04-15T19:58:52.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49151 (GCVE-0-2025-49151)
Vulnerability from cvelistv5
Published
2025-06-25 16:32
Modified
2025-07-17 13:43
CWE
  • CWE-547 - Use of Hard-coded, Security-relevant Constants
Summary
The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
Impacted products
Vendor Product Version
Microsens NMP Web+ Version: 0   <
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49151",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T20:12:37.749818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T20:14:16.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NMP Web+",
          "vendor": "Microsens",
          "versions": [
            {
              "lessThanOrEqual": "Version 3.2.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tomer Goldschmidt and Noam Moshe of Claroty Team82"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.\u003c/span\u003e"
            }
          ],
          "value": "The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-547",
              "description": "CWE-547: Use of Hard-coded, Security-relevant Constants",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-17T13:43:28.516Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMICROSENS recommends users to update to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.microsens.com/support/downloads/nmp/\"\u003eNMP Web+ Version 3.3.0 for Windows and Linux\u003c/a\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "MICROSENS recommends users to update to  NMP Web+ Version 3.3.0 for Windows and Linux https://www.microsens.com/support/downloads/nmp/"
        }
      ],
      "source": {
        "advisory": "ICSA-25-175-07",
        "discovery": "UNKNOWN"
      },
      "title": "Use of Hard-coded, Security-relevant Constants in MICROSENS NMP Web+",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-49151",
    "datePublished": "2025-06-25T16:32:30.492Z",
    "dateReserved": "2025-06-02T17:06:38.139Z",
    "dateUpdated": "2025-07-17T13:43:28.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Implementation

Description:

  • Avoid using hard-coded constants. Configuration files offer a more flexible solution.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page