
Description

linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then be obtained through brute-force cracking.

PUBLISHED | Reserved 2025-06-16 | Published 2025-07-01 | Updated 2025-07-02 | Assigner mitre

References

gitee.com/microapp/linjiashop

gist.github.com/NSW111/33824ceb4d1b920671124f77abfe27e8

cve.org (CVE-2025-52101)

nvd.nist.gov (CVE-2025-52101)
