CVE-2025-7453

LOW EPSS 28.2%

Published Jul 11, 202511mo ago · Modified Jun 17, 20261w ago

2.9 CVSS 4.0

Low

Published Jul 11, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded password. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CVSS Details

Base Score

2.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

28.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-255

CWE-259

References 4

github.com https://github.com/saltbo/zpan/issues/219
vuldb.com https://vuldb.com/?ctiid.316097
vuldb.com https://vuldb.com/?id.316097
vuldb.com https://vuldb.com/?submit.608447

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.