CVE-2025-13877

5.6 MEDIUM

📋 TL;DR

This vulnerability in NocoBase involves the use of a hard-coded cryptographic key in the JWT Service component, allowing attackers to potentially forge authentication tokens. It affects NocoBase installations up to version 1.9.4 and 2.0.0-alpha.37. The vulnerability can be exploited remotely but requires high complexity to execute successfully.

💻 Affected Systems

Products:
  • NocoBase
Versions: Up to 1.9.4 and 2.0.0-alpha.37
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the affected JWT Service component are vulnerable regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could forge valid JWT tokens to gain unauthorized administrative access, potentially leading to complete system compromise and data exfiltration.

🟠 Likely Case

Skilled attackers could bypass authentication mechanisms to access restricted functionality or sensitive data within the application.

🟢 If Mitigated

With proper network segmentation and monitoring, impact would be limited to the affected application instance with no lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploit requires understanding of JWT token structure and cryptographic operations. Public exploit details exist but implementation is complex.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Monitor NocoBase GitHub repository for security updates
2. Apply any available patches immediately
3. Restart NocoBase services after patching

🔧 Temporary Workarounds

Replace Hard-coded Key

Platforms: all

Manually replace the hard-coded cryptographic key with a securely generated random key

# Edit nocobase/packages/core/auth/src/base/jwt-service.ts
# Replace hard-coded API_KEY value with secure random key

Disable JWT Service

Platforms: all

Temporarily disable JWT authentication if alternative auth methods are available

# Modify NocoBase configuration to use alternative authentication
# Disable JWT service in application settings

🧯 If You Can't Patch

  • Implement network segmentation to isolate NocoBase instances from critical systems
  • Enable detailed logging of authentication attempts and monitor for suspicious JWT token usage

🔍 How to Verify

Check if Vulnerable:

Check NocoBase version and examine jwt-service.ts file for hard-coded cryptographic keys

Check Version:

Check package.json or application settings for NocoBase version

Verify Fix Applied:

Verify that jwt-service.ts no longer contains hard-coded keys and uses secure key management
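The two checks above (the key is no longer hard-coded, and the service uses secure key management) can be turned into an automated control. The following Python script is an added example written for this page, not NocoBase code: it models a startup check that refuses to run with a missing, short or known-default signing key, a minimal HS256 JWT verifier that rejects the "none" algorithm and expired tokens, and an audit helper that classifies observed tokens by which key validates them. The environment variable name JWT_SECRET, the placeholder string PLACEHOLDER-HARDCODED-KEY and all sample tokens are constructed for the example and are not NocoBase's real setting, key or data.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Iterable, Optional

# Constructed placeholder standing in for whatever fixed value a vulnerable
# build ships with. It is NOT the real key; it only gives the checks below
# something to reject. Populate this set from your own findings.
KNOWN_WEAK_KEYS = {"PLACEHOLDER-HARDCODED-KEY"}
MIN_KEY_BYTES = 32  # 256 bits, the minimum sensible HS256 key length


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def load_jwt_secret(env=os.environ, var: str = "JWT_SECRET") -> bytes:
    """Startup check: the signing key must come from configuration, be long
    enough, and not be a known default. JWT_SECRET is an assumed variable
    name for this example, not a NocoBase setting."""
    value = env.get(var)
    if not value:
        raise RuntimeError(f"{var} is not set; refusing to start with a built-in key")
    if value in KNOWN_WEAK_KEYS:
        raise RuntimeError(f"{var} is a known default value; generate a random key")
    if len(value.encode()) < MIN_KEY_BYTES:
        raise RuntimeError(f"{var} is shorter than {MIN_KEY_BYTES} bytes")
    return value.encode()


def generate_secret() -> str:
    """A securely generated random key suitable for the JWT_SECRET value."""
    return secrets.token_urlsafe(48)


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue an HS256 token; used here only to build test fixtures."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_hs256(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if `token` is validly signed with `key`, else None.
    Pins the algorithm to HS256 (so "none" is rejected), compares the MAC in
    constant time, and enforces `exp` when present."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        exp = claims.get("exp")
        current = now if now is not None else time.time()
        if exp is not None and current >= exp:
            return None
        return claims
    except ValueError:  # covers bad split, bad base64 and bad JSON
        return None


def audit_tokens(tokens: Iterable[str], current_key: bytes) -> dict:
    """Classify tokens seen in logs or traffic: signed with the current key,
    signed with a known weak key (the instance is still on a hard-coded key,
    or the token was minted with it), or invalid. Counts only, no claims."""
    report = {"current_key": 0, "weak_key": 0, "invalid": 0}
    for tok in tokens:
        if verify_hs256(tok, current_key) is not None:
            report["current_key"] += 1
        elif any(verify_hs256(tok, k.encode()) is not None for k in KNOWN_WEAK_KEYS):
            report["weak_key"] += 1
        else:
            report["invalid"] += 1
    return report


if __name__ == "__main__":
    key = generate_secret().encode()
    good = sign_hs256({"sub": "alice", "exp": int(time.time()) + 3600}, key)
    weak = sign_hs256({"sub": "alice"}, b"PLACEHOLDER-HARDCODED-KEY")  # constructed sample
    print(audit_tokens([good, weak, "not.a.token"], key))
```

Any non-zero weak_key count after the workaround has been applied means the old key is still in use somewhere (an unrestarted process, a second instance, or tokens issued before the change that should be revoked), which is exactly the "Restart Required: Yes" point above.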

📡 Detection & Monitoring

Log Indicators:

  • Unusual JWT token generation patterns
  • Authentication attempts with malformed tokens
  • Multiple failed authentication attempts

Network Indicators:

  • Unusual API requests to JWT endpoints
  • Traffic patterns suggesting token forgery attempts

SIEM Query:

source="nocobase" AND (event="authentication_failure" OR event="jwt_token_generated")
