CVE-2025-8974
BaseFortify
Publication date: 2025-08-14
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linlinjava | litemall | to 1.8.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in linlinjava litemall up to version 1.8.0, specifically in the JSON Web Token Handler component. It involves manipulation of the SECRET argument using the input X-Litemall-Token, which leads to hard-coded credentials. This means an attacker could potentially exploit this flaw remotely, although the attack complexity is high and exploitation is difficult.
How can this vulnerability impact me?
The vulnerability could allow an attacker to exploit hard-coded credentials remotely, potentially compromising authentication or authorization mechanisms that rely on the JSON Web Token Handler. This could lead to unauthorized access or other security issues, although the attack is difficult to perform.