CVE-2025-3177

LOW Year: 2025
CVSS v3 Score
8.1
High
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-320
View all →

Vulnerability Description

A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2015-0839

HIGH
CVSS:8.1(High)

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to ver...

CWE-3202015

CVE-2016-2880

HIGH
CVSS:7.8(High)

IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340.

CWE-3202016

CVE-2025-2220

MEDIUM
CVSS:7.8(High)

A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the c...

CWE-3202025

CVE-2015-0153

HIGH
CVSS:7.5(High)

D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key.

CWE-3202015

CVE-2015-1316

HIGH
CVSS:7.5(High)

Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key.

CWE-3202015

CVE-2015-7503

HIGH
CVSS:7.5(High)

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.

CWE-3202015