PT-2025-7498 · Hermes+1
Liad Eliyahu · Published 2025-02-20 · Updated 2025-03-13 · CVE-2025-1293
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Hermes versions up to 0.4.0
Description
The issue arises from improper validation of the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass.
Recommendations
For Hermes versions up to 0.4.0, update to version 0.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the AWS ALB authentication mode until the update is applied.
Affected Products
AWS ALB
Hermes