High severity · 7.3 · NVD Advisory · Published Oct 14, 2025 · Updated Apr 15, 2026
CVE-2025-57618
Description
A path traversal vulnerability in FastX3 through 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, an attacker can access the application's configuration files, which contain the secret key used to sign JSON Web Tokens (JWTs) as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in a privileged context via authenticated endpoints.
Affected products: 1
Patches: 0
No patches discovered yet.