Unrated severityOSV Advisory· Published Dec 5, 2025· Updated Dec 8, 2025
CVE-2025-65730
CVE-2025-65730
Description
Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/gian2dchris/CVEs/tree/CVE-2025-65730/CVE-2025-65730mitre
- github.com/pommee/goaway/blob/v0.62.18/backend/api/auth.gomitre
- github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.gomitre
- github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.gomitre
- github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.gomitre
- github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.gomitre
- github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.gomitre
- github.com/pommee/goaway/commit/5769f8782b7453ca1c22a201b224b5ce48532f64mitre
- github.com/pommee/goaway/releases/tag/v0.62.16mitre
News mentions
0No linked articles in our index yet.