← back
CVE-2025-41702

egOS WebGUI Hard-Coded JWT Secret Enables Authentication Bypass

CVSS 9.8 CRITICALEPSS 0.5%CWE-321
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of hard-coded cryptographic key.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Welotec · EG400Mk2-D11001-000101Welotec · EG400Mk2-D11101-000101Welotec · EG500Mk2-A11001-000101Welotec · EG500Mk2-A11001-000201Welotec · EG500Mk2-A11101-000101Welotec · EG500Mk2-A12011-000101Welotec · EG500Mk2-A21101-000101Welotec · EG500Mk2-B11001-000101Welotec · EG500Mk2-B11101-000101Welotec · EG500Mk2-C11001-000101Welotec · EG500Mk2-C11101-000101Welotec · EG503LWelotec · EG503L_4GBWelotec · EG503L-GWelotec · EG503WWelotec · EG503W_4GBWelotec · EG602LWelotec · EG602WWelotec · EG603L Mk2Welotec · EG603W Mk2Welotec · EG802WWelotec · EG802W_i7_512GB_DinRailWelotec · EG802W_i7_512GB_w/o DinRailWelotec · EG804WWelotec · EG804W Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://certvde.com/de/advisories/VDE-2025-076