CVE-2025-15107
Hard-Coded JWT Key Vulnerability in Actiontech SQLE Allows Remote Attack
Publication date: 2025-12-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| actiontech | sqle | 4.2511.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the actiontech sqle software up to version 4.2511.0, specifically in the JWT Secret Handler component within the file sqle/utils/jwt.go. It involves the use of a hard-coded cryptographic key (JWTSecretKey), which can be manipulated remotely. The vulnerability has a high attack complexity and is difficult to exploit, but the exploit has been publicly disclosed and may be used.
How can this vulnerability impact me? :
The use of a hard-coded cryptographic key can lead to partial confidentiality compromise (as indicated by the CVSS impact on confidentiality). An attacker exploiting this vulnerability remotely could potentially access sensitive information protected by the JWT secret key, undermining the security of the system. However, the impact on integrity and availability is not indicated.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves the use of a hard-coded cryptographic key in JWT authentication, which allows remote attackers to bypass authentication and gain unauthorized access, potentially compromising confidentiality of data. This security flaw can lead to unauthorized access to sensitive information, thereby increasing the risk of non-compliance with data protection standards and regulations such as GDPR and HIPAA that require strong access controls and protection of personal data. However, no specific compliance impact or regulatory assessment is detailed in the provided resources. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on identifying the presence of the hard-coded JWT secret key and valid JWT credentials in the deployed software. You can check the version of actiontech sqle to see if it is β€4.2511.0, which is vulnerable. Additionally, inspecting the JWT tokens used by the system for the known weak secret or forged tokens with the administrator UID (700200) can help detect exploitation. Specific commands might include searching the source code or binaries for the string 'secret' or the known hard-coded token, and monitoring network traffic for JWT tokens signed with the weak key. For example, using grep to find the secret in source files: `grep -r 'secret' /path/to/sqle/` or inspecting JWT tokens with tools like `jwt-cli` to verify the signature key. Network monitoring tools can be used to capture and decode JWT tokens to check for forged tokens with admin privileges. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the vulnerable service to trusted users only, as the vulnerability allows remote exploitation without authentication. Since no official patch or fix is currently available, you should consider disabling or limiting the use of JWT authentication until a fixed version (planned in v4.2512.0) is released. Additionally, rotate any JWT secrets and credentials if possible, and monitor for suspicious activity indicating exploitation. Applying network-level controls such as firewalls or VPNs to limit exposure can reduce risk. Finally, keep track of updates from the project maintainers and apply the patch once available. [1, 3]