Critical
CVSS 9.8
Overview
CyberPower PowerPanel business
application code contains a hard-coded JWT signing key. This could
result in an attacker forging JWT tokens to bypass authentication.
CVE-2024-33625
CyberPower PowerPanel business application code contains a hard-coded JWT signi...
Risk analysis
This vulnerability is rated 🔴 CRITICAL.
- CVSS: 9.8 (CRITICAL)
- Detected tags: jwt, unauth_access (tag impact: HIGH)
Recommended actions:
- Use strong algorithms (HS256/RS256), rotate secrets, short expiries.
- Enforce authentication/authorization; reduce default endpoint exposure.