CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

May 26, 2025

CVE ID : CVE-2025-5164

Published : May 26, 2025, 3:15 a.m. | 1 hour, 55 minutes ago

Description : A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key
. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5165 – Assimp Out-of-Bounds Read Vulnerability

Next Article CVE-2025-5163 – “Yangshare WarehouseManager Remote Unauthenticated Access Control Bypass”

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

August 2025: AI updates from the past month

This 3-in-1 charger has a retractable superpower that’s a must for travel

How a legacy hardware company reinvented itself in the AI age

The 13+ best Walmart Labor Day deals 2025: Sales on Apple, Samsung, LG, and more

You can save up to $700 on my favorite Bluetti power stations for Labor Day

Call for Speakers – JS Conf Armenia 2025

Call for Speakers – JS Conf Armenia 2025

Streamlining Application Automation with Laravel’s Task Scheduler

A Fluent Path Builder for PHP and Laravel

Windows 11 KB5064081 24H2 adds taskbar clock, direct download links for .msu offline installer

Windows 11 KB5064081 24H2 adds taskbar clock, direct download links for .msu offline installer

My Family Cinema not Working? 12 Quick Fixes

Super-linter – collection of linters and code analyzers

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

CVE-2025-47693 – FAT Services Booking PHP Local File Inclusion

Measuring perception in AI models

CVE-2025-53642 – HAXcms Nodejs/PHP Session Invalidation and Refresh Token Vulnerability

CVE-2025-40621 – TCMAN GIM SQL Injection

BrosTrend AX3000 WiFi Range Extender & Wi-Fi to Gigabit Ethernet Adapter Review

Xbox CEO Phil Spencer reportedly couldn’t stop playing ZeniMax’s unannounced game — and now it’s canceled

CVE-2025-5827 – Autel MaxiCharger AC Wallbox Commercial BLE Stack-based Buffer Overflow Remote Code Execution Vulnerability

Hackers Actively Exploiting Langflow RCE Vulnerability to Deploy Flodrix Botnet

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

Related Posts