CNNVD-202510-2122 Information

CNNVD ID

CNNVD-202510-2122

Related CVE

CVE-2025-56749

• CNNVD Published: 2025-10-15

Description (Chinese)

Creativeitem Academy LMS是孟加拉国Creativeitem公司的一个在线学习管理系统。 Creativeitem Academy LMS 6.14及之前版本存在安全漏洞，该漏洞源于使用硬编码默认JWT密钥进行令牌签名，可能导致身份验证绕过和未经授权的账户访问。

Description (English)

Creativeitem Academy LMS is an online learning management system for Creativeitem in Bangladesh. There is a security loophole in Creativeitem Academy LMS 6.14 and earlier versions, which stems from the use of a hard-code default JWT key for token signature, which may lead to the identification being bypassed and unauthorized access to accounts.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Creativeitem

Published

2025-10-15

Last Modified

2026-02-24

References

https://suryadina.com/academy-lms-jwt-secret-7k9m2x4p8q/ https://access.redhat.com/security/cve/cve-2025-56749