JWT Token Handler Vulnerability in Done-0 Jank Affected by Hard-Coded Secrets
CVE-2025-7080
Key Information:
Badges
What is CVE-2025-7080?
A vulnerability in the JWT Token Handler of Done-0 Jank has been identified, where hard-coded passwords can be exploited due to inadequate access control in the arguments accessSecret and refreshSecret. This issue allows a remote attacker to manipulate these arguments, leading to unauthorized access through the use of hard-coded secrets. The complexity of exploiting this vulnerability is high, and while it has been publicly disclosed, the process of executing the exploit is considered challenging. Due to the continuous delivery model employed by the product, specific version details for affected and updated releases are not clearly outlined.
Affected Version(s)
Jank 322caebbad10568460364b9667aa62c3080bfc17
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved