CVE-2025-41702

Name of the Vulnerable Software and Affected Versions: egOS WebGUI (affected versions not specified)

Description: The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of a hard-coded cryptographic key. This allows attackers to forge authentication tokens, potentially gaining unauthorized access to the system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.