CNNVD-202508-3591 Information

CNNVD ID

CNNVD-202508-3591

Related CVE

CVE-2025-4643

• CNNVD Published: 2025-08-29

Description (Chinese)

Payload是一个使用 TypeScript、Node.js、React 和 MongoDB 构建的 Headless CMS 和应用程序框架。 Payload存在代码问题漏洞，该漏洞源于注销后JWT未失效，可能导致令牌重用。

Description (English)

Payload is a Headless CMS and application framework built using TypeScript, Node.js, React and MongoDB. Payload had a code gap, which stemmed from the fact that JWT had not lapsed after write-off and could lead to the re-use of the token.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Payload

Published

2025-08-29

Last Modified

2026-02-24

References

https://payloadcms.com https://github.com/payloadcms/payload https://cert.pl/en/posts/2025/08/CVE-2025-4643 https://nvd.nist.gov/vuln/detail/CVE-2025-4643