CVE-2025-11290 🟡 Medium

CVE-2025-11290: Vulnerability in CRMEB up to 5.6.1

A vulnerability in CRMEB up to 5.6.1 allows remote manipulation of the JWT HMAC Secret Handler, leading to a hard-coded cryptographic key issue.

CVE ID: CVE-2025-11290

CVSS Score: 5.6

Vendor: unknown

Published: Oct 05

A vulnerability was identified in CRMEB up to 5.6.1, affecting the JWT HMAC Secret Handler. Manipulating the argument secret with default input can expose a hard-coded cryptographic key. The exploit can be launched remotely but is reported to be complex. The vendor was informed but did not respond.

Vulnerability Details

CVE ID: CVE-2025-11290
Severity: Medium
CVSS v3 Score: 5.6 / 10.0
Affected Vendor: unknown
Publication Date: October 05, 2025
