CNNVD-202507-2941 Information
CNNVD ID
CNNVD-202507-2941
Related CVE
- CNNVD Published: 2025-07-22
Description (Chinese)
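HAXcms with nodejs backend is an open-source back-end management system from HAX The Web. HAXcms with nodejs backend versions 11.0.9 and earlier contain a security vulnerability caused by hard-coded default credentials and a hard-coded JWT private key, which may lead to unauthorized access.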
Description (English)
HAXcms with nodejs backend is an open-source back-end content management system from HAX The Web. Versions 11.0.9 and earlier are vulnerable because default credentials and the JWT private key are hard-coded, which may lead to unauthorized access.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
HAX The Web
Published
2025-07-22
Last Modified
2026-02-24
References
https://github.com/haxtheweb/haxcms-nodejs/blob/main/src/lib/HAXCMS.js#L1614
https://github.com/haxtheweb/haxcms-nodejs/commit/6dc2441c876350ca6fe9fbaecb058d92ef442869
https://github.com/haxtheweb/issues/security/advisories/GHSA-5fpv-5qvh-7cf3
https://nvd.nist.gov/vuln/detail/CVE-2025-54137
https://access.redhat.com/security/cve/cve-2025-54137
Patch
https://github.com/haxtheweb/haxcms-nodejs/tags