How severe is CVE-2025-45746?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-45746?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2025-45746 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.

Related Vulnerabilities

CVE-2016-4437

CRITICAL

CVSS:9.8(Critical)

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unsp...

CWE-3212016

CVE-2017-14021

CRITICAL

CVSS:9.8(Critical)

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G v...

CWE-3212017

CVE-2018-0040

CRITICAL

CVSS:9.8(Critical)

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized acc...

CWE-3212018

CVE-2019-19750

CRITICAL

CVSS:9.8(Critical)

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product.

CWE-3212019

CVE-2019-19752

CRITICAL

CVSS:9.8(Critical)

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as o...

CWE-3212019

CVE-2020-6990

CRITICAL

CVSS:9.8(Critical)

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, The cryptographic ...

CWE-3212020