CVE-2023-53951

CRITICAL

Ever Gauzy 0.281.9 - JWT Authentication Bypass via Weak HMAC Secret

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53951. PoCs published by nu11secur1ty.

AI-analyzed exploit summary: This exploit demonstrates a weak JWT HMAC secret vulnerability in Ever Gauzy v0.281.9, allowing an attacker to authenticate using a well-known HMAC secret key. The provided JWT token can be used to bypass authentication and perform malicious actions.

Description

Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.

Exploits (1)

exploitdb WORKING POC
by nu11secur1ty · text · webapps · typescript
https://www.exploit-db.com/exploits/51354

Classification
Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Ever Gauzy v0.281.9
No auth needed
Prerequisites: Access to the target application · Knowledge of the weak HMAC secret key
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/51354
Various Sources product
https://github.com/ever-co/ever-gauzy

Scores

CVSS v3 9.8
EPSS 0.0032
EPSS Percentile 23.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-347
Status published
Products (1)
Gauzy/ever gauzy 0.281.9
Published Dec 19, 2025
Tracked Since Feb 18, 2026