CVE-2025-7080

LOW EPSS 27.2%

Published Jul 6, 202511mo ago · Modified Jun 17, 20261w ago

2.9 CVSS 4.0

Low

Published Jul 6, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

CVSS Details

Base Score

2.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

27.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-255

CWE-259

References 4

github.com https://github.com/Done-0/Jank/issues/9
vuldb.com https://vuldb.com/?ctiid.314994
vuldb.com https://vuldb.com/?id.314994
vuldb.com https://vuldb.com/?submit.603746

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.