CVE-2025-35940 – ArchiverSpaApi JWT Signing Key Hard-Coded Vulnerability

June 10, 2025

CVE ID : CVE-2025-35940

Published : June 10, 2025, 9:15 p.m. | 33 minutes ago

Description : The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5980 – Code-projects Restaurant Order System SQL Injection Vulnerability

Next Article CVE-2025-5978 – Tenda FH1202 Stack-Based Buffer Overflow Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-35940 – ArchiverSpaApi JWT Signing Key Hard-Coded Vulnerability

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

Researchers Detail Zero-Click Copilot Exploit ‘EchoLeak’

CVE-2025-5665 – FreeFloat FTP Server XCWD Command Handler Buffer Overflow

I switched to $379 Android phone from my Pixel 9 Pro while traveling – and didn’t regret it

Using Pages CMS for Static Site Content Management

Ransomware reaches a record high, but payouts are dwindling

If you think you can do better than Xbox or PlayStation in the Console Wars, you may just want to try out this card game

Akamai diventa il fornitore ufficiale dell’infrastruttura del kernel Linux

Researchers Detail Zero-Click Copilot Exploit ‘EchoLeak’

Windows 11’s new update system is a brutal reminder of where the Microsoft Store falls short

CVE-2025-35940 – ArchiverSpaApi JWT Signing Key Hard-Coded Vulnerability

Related Posts