PT-2025-27578 · Unknown · Linjiashop

Jiamu Gao +1 · Published 2025-07-01 · Updated 2025-07-01 · CVE-2025-52101

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linjiashop versions <=0.9
Description: The issue concerns Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted password and salt. The password can then be obtained through brute-force cracking.
Recommendations: For Linjiashop versions <=0.9, as a temporary workaround, consider disabling the default-generated JWT authentication until a patch is available. Restrict access to sensitive data, such as encrypted passwords and salts, to minimize the risk of exploitation. Update to a version that includes a fix for this issue when available.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers: CVE-2025-52101

Affected Products: Linjiashop