Liad Eliyahu

Researcher from Miggo
#31257 of 53,779
8.2 Total CVSS
Vulnerabilities · 1
PT-2025-7498
8.2
2025-02-20
Hermes · Hermes · CVE-2025-1293
**Name of the Vulnerable Software and Affected Versions**
Hermes versions up to 0.4.0

**Description**
The issue arises from improper validation of the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass.

**Recommendations**
For Hermes versions up to 0.4.0, update to version 0.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the AWS ALB authentication mode until the update is applied.