CVE-2025-52101
CRITICALlinjiashop <= 0.9 - Unauthenticated Incorrect Access Control
Title source: llmDescription
linjiashop <=0.9 is vulnerable to Incorrect Access Control. When using the default-generated JWT authentication, attackers can bypass the authentication and retrieve the encrypted "password" and "salt". The password can then be obtained through brute-force cracking.
References (2)
Core 2
Core References
Various Sources
https://gist.github.com/NSW111/33824ceb4d1b920671124f77abfe27e8
Various Sources
https://gitee.com/microapp/linjiashop
Scores
CVSS v3
9.8
EPSS
0.0042
EPSS Percentile
33.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-284
Status
published
Published
Jul 01, 2025
Tracked Since
Feb 18, 2026