Input Manipulation Vulnerability in gooaclok819 SublinkX Product
CVE-2025-6669
Key Information:
- Vendor: Gooaclok819
- Status
- Vendor
- CVE Published: 25 June 2025
What is CVE-2025-6669?
CVE-2025-6669 affects gooaclok819's SublinkX up to version 1.8. The flaw is in the file middlewares/jwt.go, where manipulation of input leads to the use of a hard-coded cryptographic key, which can allow malicious actors to attack the system remotely. The attack complexity is assessed as relatively high, but the exploit has been publicly disclosed, which increases the urgency of upgrading. Version 1.9 addresses the issue, and affected users are strongly advised to upgrade to it.
Affected Version(s)
sublinkX 1.0
sublinkX 1.1
sublinkX 1.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved