CVE-2025-10671
BaseFortify
Publication date: 2025-09-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| youth-is-as-pale-as-poetry | e-learning | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-330 | The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. |
| CWE-310 | Cryptographic Issues |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the encryptSecret function of the JWT Token Handler component in youth-is-as-pale-as-poetry e-learning 1.0. It causes the generation of insufficiently random values, which can be exploited remotely. The attack complexity is high and exploitability is difficult, but the exploit has been publicly disclosed.
How can this vulnerability impact me? :
The vulnerability can lead to the use of predictable or insufficiently random values in encryption, potentially weakening the security of JWT tokens. This could allow attackers to compromise confidentiality by guessing or reproducing tokens, although the attack complexity is high and exploitability is difficult.