CVE-2025-7453

Summary

A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
saltbozpan1.6.0affected
saltbozpan1.6.1affected
saltbozpan1.6.2affected
saltbozpan1.6.3affected
saltbozpan1.6.4affected
saltbozpan1.6.5affected
saltbozpan1.7.0-beta1affected
saltbozpan1.7.0-beta2affected

Weaknesses

  • CWE-259: Use of Hard-coded Password
  • CWE-255: Credentials Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References