How severe is CVE-2025-47945?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2025-47945?

This is classified as CWE-453, which is a common weakness in software security.

CVE-2025-47945 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate. The vulnerability is proven by existence of the issue in the live version as well. This issue can result in full account takeover of any user. Version 0.1.44 contains a patch.

Related Vulnerabilities

CVE-2022-47194

CRITICAL

CVSS:9.0(Critical)

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript...

CWE-4532022

CVE-2022-47195

CRITICAL

CVSS:9.0(Critical)

CWE-4532022

CVE-2022-47196

CRITICAL

CVSS:9.0(Critical)

CWE-4532022

CVE-2022-47197

CRITICAL

CVSS:9.0(Critical)

CWE-4532022

CVE-2024-21411

HIGH

CVSS:8.8(High)

Skype for Consumer Remote Code Execution Vulnerability

CWE-4532024

CVE-2021-27426

CRITICAL

CVSS:9.8(Critical)

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

CWE-4532021