Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret

Advisories

Ever Gauzy v0.281.9 JWT Authentication Weakness via HMAC Secret

severity: critical
date: 12/19/2025
Affecting: ever gauzy 0.281.9
CVE: CVE-2023-53951
CWE: CWE-347 Improper Verification of Cryptographic Signature
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-51354
Official Product Homepage
Credit: nu11secur1ty
Description: Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo