CVE-2025-57618

Published: Oct 14, 2025

Modified: Oct 14, 2025

PUBLISHED

Description

A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in privileged context via authenticated endpoints.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.starnet.com/fastx/

https://www.starnet.com/help/fastx3-3-server-release-notes/

https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57618

Description

Affected Products

References