CVE-2025-47945

9.1 CRITICAL

📋 TL;DR

CVE-2025-47945 is a critical authentication bypass vulnerability in Donetick task management software. It allows attackers to forge valid JWT tokens due to a weak default signing secret, potentially leading to full account takeover of any user. All Donetick installations prior to version 0.1.44 are affected unless administrators manually changed the secret.

💻 Affected Systems

Products:
  • Donetick
Versions: All versions prior to 0.1.44
Operating Systems: All platforms running Donetick
Default Config Vulnerable: ⚠️ Yes
Notes: Default installations are vulnerable. Only manually configured instances with changed JWT secrets are protected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all user accounts, unauthorized access to all tasks and sensitive data, potential privilege escalation to administrative functions.

🟠 Likely Case

Attackers gain unauthorized access to user accounts, manipulate tasks, access sensitive information, and potentially pivot to other systems.

🟢 If Mitigated

No impact if the secret has been rotated or the patch has been applied.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exploitable by remote attackers.
🏢 Internal Only: HIGH - Internal instances are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of the weak default secret or ability to extract it from source code/config files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.44

Vendor Advisory: https://github.com/donetick/donetick/security/advisories/GHSA-hjjg-vw4j-986x

Restart Required: Yes

Instructions:

1. Back up the current installation.
2. Update to version 0.1.44 via package manager or manual download.
3. Restart the Donetick service.
4. Force all users to re-authenticate to invalidate old tokens.

🔧 Temporary Workarounds

Manual JWT Secret Rotation (applies to: all)

Change the JWT signing secret to a strong, random value:

# Edit the Donetick configuration file
# Set JWT_SECRET to a strong random string (min 32 characters)
# Example: JWT_SECRET=your-strong-random-secret-here

🧯 If You Can't Patch

  • Immediately rotate JWT signing secret to a cryptographically strong random value (min 32 characters)
  • Force all users to log out and re-authenticate to invalidate existing tokens

🔍 How to Verify

Check if Vulnerable:

Check whether the JWT_SECRET in the configuration matches a known weak default or is easily guessable. Review the source code and configuration files for hardcoded secrets.

Check Version:

donetick --version or check package manager

Verify Fix Applied:

Verify version is 0.1.44 or later. Confirm JWT_SECRET is set to a strong, random value not present in previous configurations.
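The two checks described in the workaround and verification sections, as an added example written in Go (the language of Donetick's backend) and not Donetick's own code: a startup validation of the configured JWT secret against the advisory's 32-character minimum and a constructed list of placeholder values, plus a minimal HS256 verifier that shows why step 4 of the fix (forcing re-authentication) matters, since a token issued under the old secret stops verifying once the secret is rotated. The placeholder list, the sample secret and the `{"sub":"alice"}` payload are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Placeholder values that must never be used as a signing secret. This list is
// constructed for the example and is not taken from the Donetick source.
var placeholderSecrets = map[string]bool{
	"secret":                         true,
	"changeme":                       true,
	"your-strong-random-secret-here": true,
}

const minSecretLen = 32 // the advisory's minimum

// ValidateJWTSecret enforces the advisory's rule (at least 32 characters, not a
// known placeholder) and adds a crude diversity check so that a repeated
// character does not pass on length alone.
func ValidateJWTSecret(secret string) error {
	if placeholderSecrets[strings.ToLower(strings.TrimSpace(secret))] {
		return errors.New("JWT secret is a known placeholder value")
	}
	if len(secret) < minSecretLen {
		return fmt.Errorf("JWT secret is %d characters, at least %d required", len(secret), minSecretLen)
	}
	distinct := map[rune]bool{}
	for _, r := range secret {
		distinct[r] = true
	}
	if len(distinct) < 8 {
		return errors.New("JWT secret has too little variety to be random")
	}
	return nil
}

var b64 = base64.RawURLEncoding

// SignHS256 issues a compact JWT (header.payload.signature) with HMAC-SHA256,
// as the server does after a successful login.
func SignHS256(payload string, secret []byte) string {
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	signingInput := header + "." + b64.EncodeToString([]byte(payload))
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil))
}

// VerifyHS256 accepts only HS256 tokens whose signature matches the current
// secret (constant-time compare) and returns the payload JSON.
func VerifyHS256(token string, secret []byte) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed token")
	}
	rawHeader, err := b64.DecodeString(parts[0])
	if err != nil {
		return "", errors.New("malformed header")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if json.Unmarshal(rawHeader, &hdr) != nil || hdr.Alg != "HS256" {
		return "", errors.New("unexpected or missing alg, HS256 required")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return "", errors.New("malformed signature")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(mac.Sum(nil), sig) {
		return "", errors.New("signature mismatch")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return "", errors.New("malformed payload")
	}
	return string(payload), nil
}

// RotationInvalidatesOldTokens shows why forcing re-authentication matters:
// a token issued under the old secret must not verify after rotation.
func RotationInvalidatesOldTokens(oldSecret, newSecret string) bool {
	tok := SignHS256(`{"sub":"alice"}`, []byte(oldSecret))
	_, err := VerifyHS256(tok, []byte(newSecret))
	return err != nil
}

func main() {
	fmt.Println("placeholder rejected:", ValidateJWTSecret("your-strong-random-secret-here"))
	strong := "k8Jf2mQp9vXz4LwR7tYb1NcH6sDg3eAu5iWo0xVq" // constructed sample value
	fmt.Println("strong secret accepted:", ValidateJWTSecret(strong) == nil)
	fmt.Println("old tokens rejected after rotation:", RotationInvalidatesOldTokens("changeme", strong))
}
```

Running `ValidateJWTSecret` once at startup and refusing to serve on error turns the "check if vulnerable" step into a hard guarantee; the verifier's explicit `alg` check is there because a verifier that trusts the header's algorithm field is a separate, well-known JWT failure mode.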

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by a successful login from the same IP
  • Unusual user activity patterns
  • Authentication from unexpected locations

Network Indicators:

  • Unusual JWT token patterns or signatures
  • Authentication requests with manipulated tokens

SIEM Query:

source="donetick" AND (event="authentication" AND result="success") | stats count by src_ip, user | where count > threshold
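The SIEM query above, carried out over sample log lines as an added example (Go, not Donetick's own code or logging format): the log lines and their key=value fields are constructed for this example, and `SuccessCounts`/`OverThreshold` reproduce the query's "stats count by src_ip, user | where count > threshold". `ManyUsersFromOneIP` goes beyond the page's query: with forged tokens every account is reachable from a single client, so one source address succeeding as several distinct users is worth flagging even when no single (src_ip, user) pair crosses the threshold.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample log lines in a key=value shape. A real Donetick deployment
// may log differently, so the field names here are an assumption of this example.
var sampleLogs = []string{
	"2025-05-01T10:00:01Z source=donetick event=authentication result=failure src_ip=203.0.113.7 user=alice",
	"2025-05-01T10:00:02Z source=donetick event=authentication result=success src_ip=203.0.113.7 user=alice",
	"2025-05-01T10:00:03Z source=donetick event=authentication result=success src_ip=203.0.113.7 user=alice",
	"2025-05-01T10:00:04Z source=donetick event=authentication result=success src_ip=203.0.113.7 user=alice",
	"2025-05-01T10:00:05Z source=donetick event=authentication result=success src_ip=203.0.113.7 user=alice",
	"2025-05-01T10:00:06Z source=donetick event=authentication result=success src_ip=203.0.113.7 user=bob",
	"2025-05-01T10:00:07Z source=donetick event=authentication result=success src_ip=203.0.113.7 user=carol",
	"2025-05-01T10:01:00Z source=donetick event=authentication result=success src_ip=198.51.100.2 user=alice",
	"2025-05-01T10:01:30Z source=donetick event=task_update result=success src_ip=198.51.100.2 user=alice",
	"2025-05-01T10:02:00Z source=donetick event=authentication result=success src_ip=198.51.100.2 user=alice",
}

type authEvent struct{ SrcIP, User, Result string }

// ParseAuthLine extracts an authentication event; any other event returns ok=false.
func ParseAuthLine(line string) (authEvent, bool) {
	kv := map[string]string{}
	for _, f := range strings.Fields(line) {
		if i := strings.IndexByte(f, '='); i > 0 {
			kv[f[:i]] = f[i+1:]
		}
	}
	if kv["source"] != "donetick" || kv["event"] != "authentication" {
		return authEvent{}, false
	}
	return authEvent{kv["src_ip"], kv["user"], kv["result"]}, true
}

type ipUser struct{ SrcIP, User string }

// SuccessCounts is the query's "stats count by src_ip, user" over successful logins.
func SuccessCounts(lines []string) map[ipUser]int {
	counts := map[ipUser]int{}
	for _, l := range lines {
		if ev, ok := ParseAuthLine(l); ok && ev.Result == "success" {
			counts[ipUser{ev.SrcIP, ev.User}]++
		}
	}
	return counts
}

// OverThreshold is the query's "where count > threshold" step, sorted for stable output.
func OverThreshold(lines []string, threshold int) []ipUser {
	var hits []ipUser
	for k, n := range SuccessCounts(lines) {
		if n > threshold {
			hits = append(hits, k)
		}
	}
	sort.Slice(hits, func(i, j int) bool {
		if hits[i].SrcIP != hits[j].SrcIP {
			return hits[i].SrcIP < hits[j].SrcIP
		}
		return hits[i].User < hits[j].User
	})
	return hits
}

// ManyUsersFromOneIP lists source addresses that logged in successfully as at
// least minUsers distinct users, the pattern a forged-token takeover tends to leave.
func ManyUsersFromOneIP(lines []string, minUsers int) []string {
	users := map[string]map[string]bool{}
	for k := range SuccessCounts(lines) {
		if users[k.SrcIP] == nil {
			users[k.SrcIP] = map[string]bool{}
		}
		users[k.SrcIP][k.User] = true
	}
	var ips []string
	for ip, u := range users {
		if len(u) >= minUsers {
			ips = append(ips, ip)
		}
	}
	sort.Strings(ips)
	return ips
}

func main() {
	fmt.Println("pairs over threshold 3:", OverThreshold(sampleLogs, 3))
	fmt.Println("sources with >= 3 distinct users:", ManyUsersFromOneIP(sampleLogs, 3))
}
```

The threshold in the page's query is left as a placeholder; whatever value you pick, pair it with the distinct-user check, because a takeover of many accounts from one address can stay under any per-user threshold.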
