CRITICAL🇵🇱 Wersja polska

CVE-2025-41702

CVSS 9.8v3.1pub. 2025-08-26upd. 2026-04-15

The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.

🤖 AI Analysis
How it works

The cryptographic key used to sign JWT tokens with the HS256 algorithm is hard-coded into the egOS WebGUI backend code and can be read by the default system user. Knowing this key, an attacker can independently create any cryptographically valid JWT tokens without possessing any credentials. The server verifies the token signature as valid, treating the request as authenticated and authorized.

Impact

An attacker gains full, unauthorized access to the WebGUI interface by bypassing authentication and authorization, which may lead to device takeover, disclosure of sensitive configuration data, and violation of system integrity and availability.

Mitigation & patch

Apply patches available from the vendor according to references (https://certvde.com/de/advisories/VDE-2025-076). Until updates are applied, it is recommended to restrict network access to the WebGUI interface only to trusted hosts and monitor traffic for unauthorized requests with suspicious JWT tokens.

Who is affected

Products equipped with egOS WebGUI — specific versions indicated in vendor references (certvde.com, VDE-2025-076)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References