CVE-2025-27845
CRITICAL
ESPEC North America Web Controller <3.3.4 - Info Disclosure
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.
References (2)
https://espec.com
https://espec.com/na/about/detail/cve_2025_27845
Scores
CVSS v3: 9.8
EPSS: 0.0040
EPSS Percentile: 31.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-200
Status: published
Published: Aug 14, 2025
Tracked Since: Feb 18, 2026