CVE-2025-65730

Published: Dec 5, 2025

Modified: Dec 8, 2025

PUBLISHED

Description

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/pommee/goaway/releases/tag/v0.62.16

https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L15

https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L110

https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L69

https://github.com/pommee/goaway/blob/v0.62.18/backend/api/auth.go#L48

https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L88

https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L40

https://github.com/pommee/goaway/commit/5769f8782b7453ca1c22a201b224b5ce48532f64#diff-4ddfd6cf1311ddfd45734bb1dc53bc208df69584ba92ac4f38866bd558434678L15-L40

https://github.com/gian2dchris/CVEs/tree/CVE-2025-65730/CVE-2025-65730

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-65730

Description

Affected Products

References