CVE-2025-14261

Published
View on NVD ↗
CVSS v3
7.1
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack.

litmuschaos/litmus
litmuschaos/litmus
Litmus helps SREs and developers practice chaos engineering in a Cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes is at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q
GitHubGitHub
5.42K