CVE-2025-47945
CVE-2025-47945 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Donetick is an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
Donetick is an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. Leaving it to the system administrator to change the secret is an inadequate safeguard. The vulnerability was confirmed by the presence of the same issue in the live version as well. Because anyone who knows the default secret can forge valid tokens, this issue can result in full account takeover of any user. Version 0.1.44 contains a patch.
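The defensive fix for this class of bug is for the application to refuse to start with a missing, placeholder, short or low-entropy JWT signing secret instead of falling back to a shipped default. The following Go program is an added example written for this page; it is not Donetick's code and does not reproduce its actual default. The environment variable name `DT_JWT_SECRET` and the placeholder list are assumptions, and the entropy threshold is a conservative heuristic, not a standard.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"math"
	"os"
	"strings"
)

// minSecretBytes is the minimum length accepted for an HS256 signing secret.
// 32 bytes matches the HMAC-SHA256 output size, the minimum RFC 7518 recommends.
const minSecretBytes = 32

// placeholderSecrets are constructed examples of values that ship in sample
// configs and docs; a real deployment would list its own known defaults here.
var placeholderSecrets = []string{
	"secret",
	"changeme",
	"change-me-in-production",
	"your-secret-key",
}

// shannonBits estimates the Shannon entropy of s in bits per byte.
// Repetitive strings such as "abababab..." score far below random ones.
func shannonBits(s string) float64 {
	if len(s) == 0 {
		return 0
	}
	counts := make(map[byte]int)
	for i := 0; i < len(s); i++ {
		counts[s[i]]++
	}
	var h float64
	n := float64(len(s))
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// ValidateJWTSecret returns an error if secret is unset, matches a known
// placeholder (case-insensitively), is shorter than minSecretBytes, or is
// visibly low-entropy. A nil result means the secret is acceptable for HS256.
func ValidateJWTSecret(secret string) error {
	if secret == "" {
		return errors.New("JWT signing secret is not set")
	}
	for _, p := range placeholderSecrets {
		if strings.EqualFold(secret, p) {
			return errors.New("JWT signing secret is a known placeholder value")
		}
	}
	if len(secret) < minSecretBytes {
		return fmt.Errorf("JWT signing secret is %d bytes; need at least %d", len(secret), minSecretBytes)
	}
	if shannonBits(secret) < 2.5 {
		return errors.New("JWT signing secret has too little entropy")
	}
	return nil
}

// GenerateJWTSecret returns 32 bytes from crypto/rand, hex-encoded (64 chars),
// suitable for an operator to paste into the deployment configuration.
func GenerateJWTSecret() (string, error) {
	b := make([]byte, minSecretBytes)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	// DT_JWT_SECRET is a hypothetical variable name for this example.
	secret := os.Getenv("DT_JWT_SECRET")
	if err := ValidateJWTSecret(secret); err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		fmt.Fprintln(os.Stderr, "generate one with: openssl rand -hex 32")
		os.Exit(1)
	}
	fmt.Println("JWT secret accepted")
}
```

Running the check at startup, before any HTTP listener is opened, turns a silent misconfiguration into a hard failure that shows up in deployment logs; the same check is also a cheap audit to run against an existing install's configuration.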
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Donetick | Donetick | < 0.1.44 |
References
- https://github.com/donetick/donetick/security/advisories/GHSA-hjjg-vw4j-986x (Exploit, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-47945?
How severe is CVE-2025-47945?
How do I fix CVE-2025-47945?
Are you affected by CVE-2025-47945?
Source: NVD / NIST
