Unrated severityNVD Advisory· Published Oct 15, 2025· Updated Oct 15, 2025
CVE-2025-56749
CVE-2025-56749
Description
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=6.14
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.