CVE-2025-35940

Name of the Vulnerable Software and Affected Versions ArchiverSpaApi (affected versions not specified)

Description The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints, such as "/api/v1/login" or "/users/{id}". The attacker can exploit this issue by using a forged JWT token with the username and password variables to gain unauthorized access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.