CVE-2025-7080

Name of the Vulnerable Software and Affected Versions: Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17

Description: A problematic issue was found in the JWT Token Handler component, specifically in the file internal/utils/jwt utils.go. The manipulation of the accessSecret/refreshSecret argument with the input jank-blog-secret/jank-blog-refresh-secret leads to the use of a hard-coded password. This issue can be exploited remotely, with a rather high complexity of attack and difficult exploitability. The exploit has been disclosed to the public and may be used.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.