CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

May 26, 2025

CVE ID : CVE-2025-5164

Published : May 26, 2025, 3:15 a.m. | 1 hour, 55 minutes ago

Description : A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key
. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5165 – Assimp Out-of-Bounds Read Vulnerability

Next Article CVE-2025-5163 – “Yangshare WarehouseManager Remote Unauthenticated Access Control Bypass”

Highlights

CVE-2025-6756 – “Ultra Addons for Contact Form 7 Stored Cross-Site Scripting Vulnerability”

July 1, 2025

CVE ID : CVE-2025-6756

Published : July 1, 2025, 10:15 a.m. | 18 minutes ago

Description : The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Amazon launches spec-driven AI IDE, Kiro

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

Windows 11 will soon be able to describe images on your screen using AI — and it’ll all be done locally

Marvel Rivals’ swimsuit lineup kicks off this week — with hot new outfits for these characters

iPhone alarm not going off? 6 potential fixes to this annoying issue

ChatGPT falls for another Windows license key scam — generating valid codes in a guessing game after a researcher “gives up”

The details of TC39’s last meeting

The details of TC39’s last meeting

Modern async iteration in JavaScript with Array.fromAsync()

Vite vs Webpack: A Guide to Choosing the Right Bundler

Windows 11 will soon be able to describe images on your screen using AI — and it’ll all be done locally

Windows 11 will soon be able to describe images on your screen using AI — and it’ll all be done locally

Marvel Rivals’ swimsuit lineup kicks off this week — with hot new outfits for these characters

The Curious Case of AUR Updates Fetching 30 GB of Data for Electron

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

CVE-2025-41225 – VMware vCenter Server Command Execution Vulnerability

CVE-2025-5678 – Kadence WP Gutenberg Blocks with AI Stored Cross-Site Scripting

Ubuntu 25.10: Il Futuro di sudo è in Rust con sudo-rs

PIM for Azure Resources

CVE-2025-6756 – “Ultra Addons for Contact Form 7 Stored Cross-Site Scripting Vulnerability”

CVE-2025-31250 – Apple macOS Sequoia Information Disclosure Vulnerability

Linux Jargon Buster: What are Secure Boot & Shim Files?

Agile vs Scrum: A Clear Guide to Choosing the Right Approach

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

Related Posts