CVE-2025-11290

Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.6.2

Description A security issue exists in CRMEB related to the JWT HMAC Secret Handler component. Manipulation of the secret argument with the input default leads to the use of a hard-coded cryptographic key within an unknown function. This issue is remotely exploitable, though exploitation is considered difficult. The exploit is publicly available. The vendor was contacted but did not respond.

Recommendations Update CRMEB to version 5.6.2 or later.