CVE-2025-30064 | THREATINT

Description

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user.

PUBLISHED Reserved 2025-03-14 | Published 2025-08-27 | Updated 2025-08-27 | Assigner CERT-PL

HIGH: 8.8CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-912 Hidden Functionality

CWE-347 Improper Verification of Cryptographic Signature

Product status

Default status

unaffected

Any version before 2025.MS2

affected

Credits

Maciej Kazulak finder

References

cert.pl/en/posts/2025/08/CVE-2025-2313/

cve.org (CVE-2025-30064)

nvd.nist.gov (CVE-2025-30064)

Download JSON