CVE-2025-7453 Information
Jul 12, 2025
cve
Description
A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://github.com/saltbo/zpan/issues/219 https://vuldb.com/?ctiid.316097 https://vuldb.com/?id.316097 https://vuldb.com/?submit.608447
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
3.7
Related CNNVD
CNNVD-202507-1689 (Published: 2025-07-11)
Share on: