Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-47945
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Donetick Has Weak Default JWT Secret
Source: NVD (National Vulnerability Database)
Vulnerability Description
Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrator to change it, this approach is inadequate. The vulnerability is proven by existence of the issue in the live version as well. This issue can result in full account takeover of any user. Version 0.1.44 contains a patch.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不安全的缺省变量初始化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Donetick 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Donetick是Donetick开源的一款开源、用户友好的应用程序,用于管理任务和家务。 Donetick 0.1.44之前版本存在安全漏洞,该漏洞源于JWT签名密钥默认值弱,可能导致账户接管。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
donetickdonetick < 0.1.44 -
II. Public POCs for CVE-2025-47945
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-47945
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same weakness: CWE-453
V. Comments for CVE-2025-47945

No comments yet

Leave a comment