Description
The JWT secret key is embedded in the egOS WebGUI backend and is readable by the default user. Because this cryptographic key is hard-coded, an unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication and authorization.
INFO
Published Date: 2025-08-26T06:10:57.464Z
Last Modified: 2025-08-26T19:39:00.393Z
Source: CERTVDE
AFFECTED PRODUCTS
The following products are affected by the CVE-2025-41702 vulnerability.
| Vendors | Products |
|---|---|
| Welotec | |
REFERENCES
Here you will find a curated list of external links that provide in-depth information on CVE-2025-41702.
| URL | Resource |
|---|---|
| https://certvde.com/de/advisories/VDE-2025-076 | |