Description

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit a weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-19 | Updated 2025-12-19 | Assigner VulnCheck




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Verification of Cryptographic Signature

Product status

0.281.9: affected

Credits

nu11secur1ty (finder)

References

www.exploit-db.com/exploits/51354 (ExploitDB-51354) exploit

github.com/ever-co/ever-gauzy (Official Product Homepage) product

www.vulncheck.com/...authentication-weakness-via-hmac-secret (VulnCheck Advisory: Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret) third-party-advisory

cve.org (CVE-2023-53951)

nvd.nist.gov (CVE-2023-53951)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.