CVE-2024-33625

Summary

CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.

Affected Software

VendorProductVersion RangeStatus
CyberPowerPowerPanel business0 < 4.9.0affected

Weaknesses

  • CWE-259: CWE-259

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References