PT-2025-51155 · Unknown · Martialbe One-Hub
28Hus · Published 2025-12-14 · Updated 2025-12-14
CVE-2025-14651
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MartialBE one-hub versions up to 0.14.27
Description
A security issue exists in MartialBE one-hub related to the use of a hard-coded cryptographic key. The issue stems from the manipulation of the SESSION_SECRET argument within the docker-compose.yml file. This allows for potential remote exploitation, though the attack complexity is considered high and exploitation is difficult. The exploit has been publicly disclosed.
Recommendations
Change the configuration settings.
Carefully check and modify every configuration and environment variable if using the default docker-compose example file in a production environment.
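One way to carry out this check, as an added example that is not part of the original advisory or the one-hub project: compare the environment entries of a deployed compose file against the shipped example and flag every value left unchanged, plus any secret-like variable shorter than an assumed 32-character minimum. The sample files, the TZ and API_TOKEN entries and the placeholder value are constructed; the project's real default value is not given on this page.

```python
import re
import secrets

# "- KEY=value" (list form) or "KEY: value" (map form) inside an environment: block
ENV_LINE = re.compile(r'^\s*(?:-\s*)?["\']?([A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*(.*)$')
SENSITIVE = re.compile(r"SECRET|PASSWORD|TOKEN|KEY", re.I)

def env_entries(compose_text):
    """Return {NAME: value} for entries under any `environment:` key."""
    entries, block = {}, None          # block = indent of the open environment: key
    for raw in compose_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()   # drop trailing comments
        body = line.lstrip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(body)
        if body == "environment:":
            block = indent
        elif block is not None:
            if indent < block or (indent == block and not body.startswith("-")):
                block = None           # dedent: the environment block has ended
                continue
            m = ENV_LINE.match(line)
            if m:
                entries[m.group(1)] = m.group(2).strip().strip("\"'")
    return entries

def audit(example_text, deployed_text, min_len=32):
    """Flag values still equal to the example file, and short secrets."""
    example, deployed = env_entries(example_text), env_entries(deployed_text)
    findings = []
    for name, value in sorted(deployed.items()):
        if example.get(name) == value:
            findings.append((name, "unchanged from example file"))
        elif SENSITIVE.search(name) and len(value) < min_len:  # min_len is an assumption
            findings.append((name, f"secret shorter than {min_len} characters"))
    return findings

def new_secret():
    return secrets.token_urlsafe(32)   # 32 random bytes, 43 URL-safe characters

# Constructed sample files (placeholder values, not the project's real defaults)
EXAMPLE = ("services:\n  app:\n    environment:\n"
           "      - SESSION_SECRET=EXAMPLE_PLACEHOLDER_VALUE\n      - TZ=UTC\n")
DEPLOYED = ("services:\n  app:\n    environment:\n"
            '      SESSION_SECRET: "EXAMPLE_PLACEHOLDER_VALUE"\n'
            "      TZ: Europe/Berlin\n      API_TOKEN: short123\n")
if __name__ == "__main__":
    print(audit(EXAMPLE, DEPLOYED))
```

Because the session secret is a signing key, rotating it invalidates existing sessions, so plan the change accordingly.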
Affected Products
Martialbe One-Hub