CVE-2025-6669

Name of the Vulnerable Software and Affected Versions: gooaclok819 sublinkX versions up to 1.8

Description: A vulnerability was found in the unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to the use of a hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations: For gooaclok819 sublinkX versions up to 1.8, upgrade to version 1.9 to address this issue. As a temporary workaround, consider restricting access to the vulnerable middlewares/jwt.go file until a patch is applied. Avoid using the hard-coded cryptographic key in the affected component until the issue is resolved.