CVE-2024-33625
Severity CVSS v4.0:
Pending analysis
Type:
CWE-259
Use of Hard-coded Password
Publication date:
15/05/2024
Last modified:
04/08/2025
Description
CyberPower PowerPanel business <br />
application code contains a hard-coded JWT signing key. This could <br />
result in an attacker forging JWT tokens to bypass authentication.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:windows:*:* | 4.9.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads