CVE-2025-10671

Name of the Vulnerable Software and Affected Versions youth-is-as-pale-as-poetry e-learning version 1.0

Description A vulnerability exists due to insufficiently random values generated by the encryptSecret function within the JWT Token Handler component. The vulnerable file is e-learning-masterexam-apisrcmainjavacomyfexamabilityshirojwtJwtUtils.java. The issue is remotely exploitable, but requires a high level of complexity and is considered difficult to exploit. The exploit has been publicly disclosed.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the encryptSecret function until a patch is available.