Vulnerabilities

CVE-2025-56749

by Fred · 15/10/2025

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.

More information : https://suryadina.com/academy-lms-jwt-secret-7k9m2x4p8q/

Similar

Tags: Cybersecurity Alert