CVE-2023-53951

CRITICAL

Ever Gauzy <0.281.9 - Auth Bypass

Title source: llm

Description

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit a weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · text · webapps · typescript
https://www.exploit-db.com/exploits/51354

Scores

CVSS v3: 9.8
EPSS: 0.0006
EPSS Percentile: 18.4%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-347
Status: published
Products (1): Gauzy/ever gauzy 0.281.9
Published: Dec 19, 2025
Tracked Since: Feb 18, 2026