CVE-2025-13948
BaseFortify
Publication date: 2025-12-03
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| opsre | go-ldap-admin | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-13948 is a vulnerability in the opsre go-ldap-admin software (up to version 20251011) affecting the JWT Handler component. The issue arises because the software uses a hard-coded default JWT secret key ('secret key') in its configuration, which attackers can use to forge valid JWT tokens. This allows unauthorized users to bypass authentication and gain administrative access remotely without needing credentials. The vulnerability compromises the confidentiality, integrity, and availability of the system by enabling attackers to access sensitive backend API endpoints and perform unauthorized actions. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can allow attackers to remotely forge JWT tokens and bypass authentication controls, granting unauthorized administrative access to the affected system. As a result, attackers can access sensitive data, manipulate operation logs, and perform privileged actions within the application. This compromises the confidentiality, integrity, and availability of the system, potentially leading to data breaches, unauthorized modifications, and service disruptions. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the configuration file `docs/docker-compose/docker-compose.yaml` for the hardcoded JWT secret key "secret key". For example, run `grep -r 'secret key' docs/docker-compose/docker-compose.yaml` to find the hardcoded key. Monitoring network traffic for JWT tokens signed with the known default secret key can also help identify exploitation attempts: take the tokens from HTTP Authorization headers and verify, using JWT decoding tools or scripts, whether they are signed with the default key. Since a proof-of-concept exploit is publicly available, reviewing logs for suspicious JWT tokens forged with the default key is recommended. [1, 3]
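The Authorization-header check described above, as an added example (not code from the advisory or from go-ldap-admin): it scans log or capture lines for JWTs and reports those whose signature verifies under the default key. It assumes HMAC-signed tokens (HS256/HS384/HS512), which the page does not state; the function names are illustrative.

```python
import base64
import hashlib
import hmac
import json
import re
import sys

DEFAULT_KEY = b"secret key"  # default secret quoted in the text above
# Assumption: tokens are HMAC-signed; the page does not name the algorithm.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
# Compact JWT: three base64url segments, the first starting "eyJ" (base64 of '{"').
JWT_RE = re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+")


def b64url_decode(segment):
    """Decode base64url text that has had its '=' padding stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def signed_with_key(token, key=DEFAULT_KEY):
    """Return True if the token's HMAC signature verifies under `key`."""
    try:
        head, body, sig = token.split(".")
        digest = HMAC_ALGS.get(json.loads(b64url_decode(head)).get("alg"))
        signature = b64url_decode(sig)
    except (ValueError, AttributeError, TypeError):
        return False  # malformed token or header
    if digest is None:
        return False  # "none", RS256 etc. cannot be checked against a shared secret
    expected = hmac.new(key, f"{head}.{body}".encode(), digest).digest()
    return hmac.compare_digest(expected, signature)


def scan_lines(lines, key=DEFAULT_KEY):
    """Return (line_number, token) for each JWT in `lines` that verifies under `key`."""
    hits = []
    for number, line in enumerate(lines, start=1):
        hits += [(number, t) for t in JWT_RE.findall(line) if signed_with_key(t, key)]
    return hits


if __name__ == "__main__":
    for number, token in scan_lines(sys.stdin):
        print(f"line {number}: JWT verifies under the default key: {token[:20]}...")
```

Run stand-alone, it reads lines from standard input, so request logs or exported capture text can be piped into it. Any hit means the deployment still accepts tokens signed with the default key.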
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the hardcoded default JWT secret key with a strong, unique secret key that is not publicly known or hardcoded in the configuration files. Since no known countermeasures or mitigations have been identified, it is strongly suggested to replace the affected component (go-ldap-admin up to version 20251011) with an alternative product or updated version that does not use the default secret key. Additionally, reviewing and updating the JWT handling mechanism to enforce secret key modification and prevent use of default keys is critical. Restricting network access to the affected service and monitoring for unauthorized JWT tokens can also help reduce risk until a secure fix is applied. [1, 2, 3]