CVE-2025-27845 | THREATINT

Description

In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.

PUBLISHED Reserved 2025-03-09 | Published 2025-08-14 | Updated 2025-08-15 | Assigner mitre

References

espec.com

espec.com/na/about/detail/cve_2025_27845

cve.org (CVE-2025-27845)

nvd.nist.gov (CVE-2025-27845)

Download JSON