CVE-2025-5164

LOW

PerfreeBlog 4.0.11 - Code Injection

Title source: llm

Description

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Scores

CVSS v3 3.7
EPSS 0.0012
EPSS Percentile 30.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-320 CWE-321 CWE-798
Status published

Affected Products (1)

perfree/perfreeblog

Timeline

Published May 26, 2025
Tracked Since Feb 18, 2026