CVE-2025-2229

HIGH

Token Generation - Info Disclosure

Title source: llm

Description

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

References (2)

Scores

CVSS v3 7.7
EPSS 0.0002
EPSS Percentile 5.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE
CWE-1391
Status draft

Timeline

Published Mar 13, 2025
Tracked Since Feb 18, 2026