Critical
CVSS 9.8
Overview
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.
CVE-2025-27845
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any inv...
Risk analysis
This vulnerability is rated 🔴 CRITICAL.
- CVSS: 9.8 (CRITICAL)
- Detected tags: jwt (tag impact: LOW)
Recommended actions:
- Use strong algorithms (HS256/RS256), rotate secrets, short expiries.