CVE-2025-40646

Name of the Vulnerable Software and Affected Versions Viday (affected versions not specified)

Description The software exhibits a flaw that could allow an attacker to obtain sensitive customer information. This is achieved by intercepting HTTP requests and locating JWTs within the request payload. The JWTs contain sensitive user information, potentially exposing it to unauthorized access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.