The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.tenable.com/security/research/tra-2025-17 |
![]() ![]() ![]() |
History
Wed, 11 Jun 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Jun 2025 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints. | |
Title | Hard-coded ArchiverSpaApi JWT Signing Key | |
Weaknesses | CWE-798 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: tenable
Published: 2025-06-10T20:27:51.562Z
Updated: 2025-06-11T14:03:33.168Z
Reserved: 2025-04-15T21:07:39.881Z
Link: CVE-2025-35940

Updated: 2025-06-11T14:03:28.655Z

Status : Awaiting Analysis
Published: 2025-06-10T21:15:22.210
Modified: 2025-06-12T16:06:29.520
Link: CVE-2025-35940

No data.