CVE-2025-49151

Description

The affected products could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.

PUBLISHED Reserved 2025-06-02 | Published 2025-06-25 | Updated 2025-07-17 | Assigner icscert

Problem types

CWE-547: Use of Hard-coded, Security-relevant Constants

Product status

Credits

Tomer Goldschmidt and Noam Moshe of Claroty Team82 finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-175-07

cve.org (CVE-2025-49151)

nvd.nist.gov (CVE-2025-49151)

Download JSON