CVE-2025-13877
BaseFortify
Publication date: 2025-12-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nocobase | nocobase | 1.9.4 |
| nocobase | nocobase | 2.0.0-alpha.37 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects nocobase up to versions 1.9.4 and 2.0.0-alpha.37, in an unknown function of the JWT Service component. Manipulating the API_KEY argument leads to the use of a hard-coded cryptographic key. The flaw can be exploited remotely, but the attack has high complexity and is difficult to execute. The exploit is publicly available.
How can this vulnerability impact me?
The vulnerability can compromise the confidentiality, integrity, and availability of a system that uses the affected JWT Service. Because it involves a hard-coded cryptographic key, attackers might exploit it to bypass authentication or authorization mechanisms, potentially leading to unauthorized access or data manipulation. However, the attack has high complexity and is difficult to perform.