opsre go-ldap-admin JWT docker-compose.yaml hard-coded key_CVE-2025-13948

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key
. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized.

Basic Information

ID CVE-2025-13948

Source VulDB

Published Dec 3, 2025 at 14:32

Modified Dec 3, 2025 at 21:24

Affected Product

Vendor opsre

Product go-ldap-admin

Version 20251011

Affected Versions opsre go-ldap-admin 20251011

CWE Classification

CWE-321 CWE-320

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key\r . The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-12-03T14:32:07.380Z",
    "modified": "2025-12-03T21:24:31.989Z",
    "type": "cve",
    "title": "opsre go-ldap-admin JWT docker-compose.yaml hard-coded key",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.334163\nhttps://vuldb.com/?ctiid.334163\nhttps://vuldb.com/?submit.692213\nhttps://gist.github.com/H2u8s/a51ac1fe38d62746d1425b70ff49420c",
    "id": "CVE-2025-13948",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321",
        "CWE-320"
    ],
    "cvelist": null,
    "sourceData": "opsre go-ldap-admin 20251011",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "go-ldap-admin",
    "version": "20251011",
    "vendor": "opsre",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}