{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30206", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-18T18:15:13.849Z", "datePublished": "2025-04-15T19:14:41.450Z", "dateUpdated": "2025-04-15T19:58:52.725Z"}, "containers": {"cna": {"title": "Dpanel's hard-coded JWT secret leads to remote code execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "lang": "en", "description": "CWE-321: Use of Hard-coded Cryptographic Key", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-453", "lang": "en", "description": "CWE-453: Insecure Default Variable Initialization", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-547", "lang": "en", "description": "CWE-547: Use of Hard-coded, Security-relevant Constants", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847"}], "affected": [{"vendor": "donknap", "product": "dpanel", "versions": [{"version": "< 1.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-15T19:14:41.450Z"}, "descriptions": [{"lang": "en", "value": "Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage."}], "source": {"advisory": "GHSA-j752-cjcj-w847", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T19:58:33.579367Z", "id": "CVE-2025-30206", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T19:58:52.725Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30206", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-15T19:58:33.579367Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T19:58:38.224Z"}}], "cna": {"title": "Dpanel's hard-coded JWT secret leads to remote code execution", "source": {"advisory": "GHSA-j752-cjcj-w847", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "donknap", "product": "dpanel", "versions": [{"status": "affected", "version": "< 1.6.1"}]}], "references": [{"url": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847", "name": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-321", "description": "CWE-321: Use of Hard-coded Cryptographic Key"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-453", "description": "CWE-453: Insecure Default Variable Initialization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-547", "description": "CWE-547: Use of Hard-coded, Security-relevant Constants"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-15T19:14:41.450Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30206", "state": "PUBLISHED", "dateUpdated": "2025-04-15T19:58:52.725Z", "dateReserved": "2025-03-18T18:15:13.849Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-04-15T19:14:41.450Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage."}, {"lang": "es", "value": "Dpanel es un sistema de panel de visualizaci\u00f3n de Docker que proporciona funciones completas de gesti\u00f3n de Docker. El servicio Dpanel contiene un secreto JWT codificado en su configuraci\u00f3n predeterminada, lo que permite a los atacantes generar tokens JWT v\u00e1lidos y comprometer el equipo host. Esta falla de seguridad permite a los atacantes analizar el c\u00f3digo fuente, descubrir el secreto incrustado y crear tokens JWT leg\u00edtimos. Al falsificar estos tokens, un atacante puede eludir los mecanismos de autenticaci\u00f3n, suplantar a usuarios con privilegios y obtener acceso administrativo no autorizado. En consecuencia, esto permite el control total del equipo host, lo que puede conllevar graves consecuencias, como la exposici\u00f3n de datos confidenciales, la ejecuci\u00f3n no autorizada de comandos, la escalada de privilegios o un mayor movimiento lateral dentro del entorno de red. Este problema est\u00e1 corregido en la versi\u00f3n 1.6.1. Un workaround para esta vulnerabilidad consiste en reemplazar el secreto codificado con un valor generado de forma segura y cargarlo desde un almacenamiento de configuraci\u00f3n seguro."}], "id": "CVE-2025-30206", "lastModified": "2025-04-16T13:25:59.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-04-15T20:15:39.127", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}, {"lang": "en", "value": "CWE-453"}, {"lang": "en", "value": "CWE-547"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}