CVE-2025-7453
BaseFortify
Publication date: 2025-07-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| saltbo | zpan | 1.6.5 |
| saltbo | zpan | 1.7.0-beta2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-255 | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the JSON Web Token Handler component of saltbo zpan up to versions 1.6.5 and 1.7.0-beta2. Specifically, it affects the NewToken function in the file zpan/internal/app/service/token.go. The issue arises because the input '123' leads to the use of a hard-coded password, which can be exploited remotely. The attack complexity is high and exploitation is difficult, but the exploit has been publicly disclosed.
How can this vulnerability impact me?
The vulnerability could allow an attacker to remotely exploit the system by leveraging the hard-coded password in the token generation process. This could potentially lead to unauthorized access or manipulation of authentication tokens, compromising the security of the affected application. However, the attack complexity is high and exploitation is difficult.