PT-2025-42163 · Fastx3 · Fastx3

Published 2025-10-14 · Updated 2025-10-16 · CVE-2025-57618

CVSS v3.1: 7.3 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

FastX3 versions through 3.3.67

Description

A path traversal issue exists in FastX3 through version 3.3.67 that allows an unauthenticated attacker to read arbitrary files on the server. The readable files can include application configuration files containing the secret key used to sign JSON Web Tokens (JWTs) and existing JWT IDs (JTIs). With this information, an attacker can forge valid JWTs, impersonate the root user, and potentially achieve remote code execution through authenticated API endpoints.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-57618

Affected Products

Fastx3