CVE-2025-14651

CVSS v3.1

3.7

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions MartialBE one-hub versions up to 0.14.27

Description A security issue exists in MartialBE one-hub related to the use of a hard-coded cryptographic key. The issue stems from the manipulation of the

SESSION SECRET

argument within the

docker-compose.yml

file. This allows for potential remote exploitation, though the complexity is considered high and exploitability is difficult. The exploit has been publicly disclosed.

Recommendations Change the configuration settings. Carefully check and modify every configuration and environment variable if using the default docker-compose example file in a production environment.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-320

Related Identifiers

CVE-2025-14651

Affected Products

Martialbe One-Hub

CVE-2025-14651

Weakness Enumeration

Related Identifiers

Affected Products

References · 11