CNNVD-202512-4844 Information

CNNVD ID

CNNVD-202512-4844

Related CVE

CVE-2025-15108

• CNNVD Published: 2025-12-27

Description (Chinese)

PandaX是PandaX开源的一个 Go 语言开源的企业级物联网平台低代码开发框架。 PandaX存在安全漏洞，该漏洞源于对文件config.yml中参数key的错误操作，可能导致使用硬编码密钥。

Description (English)

PandaX is a low-code framework for the development of an open-source Go-language enterprise-level networking platform. There is a security loophole in PandaX, which stems from an error in the use of the parameter key in document config.yml, which may lead to the use of a hard-coding key.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

PandaX

Published

2025-12-27

Last Modified

2026-02-24

References

https://github.com/PandaXGO/PandaX/issues/9 https://vuldb.com/?submit.711519 https://vuldb.com/?ctiid.338479 https://vuldb.com/?id.338479 https://access.redhat.com/security/cve/cve-2025-15108