← back
CVE-2025-55306

GenX_FX authentication bypass in JWT validation

CVSS 9.8 CRITICALEPSS 0.5%CWE-522
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Aug 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Mouy-leng · GenX_FX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Mouy-leng/GenX_FX/security/advisories/GHSA-2xjq-pvwj-mvm6