CNNVD-202510-735 Information

CNNVD ID

CNNVD-202510-735

Related CVE

CVE-2025-11290

• CNNVD Published: 2025-10-05

Description (Chinese)

CRMEB是CRMEB开源的一个 Java 商城系统。 CRMEB 5.6.1及之前版本存在安全漏洞，该漏洞源于JWT HMAC Secret Handler组件对参数secret使用硬编码加密密钥，可能导致远程攻击。

Description (English)

CRMEB is a Java mall system open to CRMEB. There is a security loophole in CRMEB 5.6.1 and previous versions, which stems from the use of hard-coded encryption keys by the JWT HMAC Secret Handler component to the parameter secret, which may lead to a remote attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

CRMEB

Published

2025-10-05

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.327171 https://vuldb.com/?id.327171 https://vuldb.com/?submit.659843 https://access.redhat.com/security/cve/cve-2025-11290