CNNVD-202508-3625 Information
CNNVD ID
CNNVD-202508-3625
Related CVE
- CNNVD Published: 2025-08-29
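Description (translated from Chinese)
Coze Studio is an open-source visual development platform for AI agents from Coze Studio. Coze Studio 0.2.4 and earlier versions contain a security vulnerability that stems from the use of hard-coded encryption keys for the parameters AuthSecretKey/StateSecretKey/OAuthTokenSecretKey in the file backend/domain/plugin/encrypt/aes.go.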
Description (English)
Coze Studio is an open-source visual development platform for AI agents from Coze Studio. The security vulnerability in Coze Studio 0.2.4 and previous versions stems from the use of hard-coded encryption keys for the parameters AuthSecretKey/StateSecretKey/OAuthTokenSecretKey in the file backend/domain/plugin/encrypt/aes.go.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
Coze Studio
Published
2025-08-29
Last Modified
2026-02-24
References
https://vuldb.com/?submit.636417
https://vuldb.com/?id.321780
https://vuldb.com/?ctiid.321780
https://github.com/coze-dev/coze-studio/pull/533
https://github.com/coze-dev/coze-studio/issues/505#issuecomment-3148568862
https://nvd.nist.gov/vuln/detail/CVE-2025-9604
Patch
https://github.com/coze-dev/coze-studio/releases