CVE-2025-13948 MEDIUM

CVE-2025-13948: opsre go-ldap-admin JWT docker-compose.yaml hard-coded key

Vendor Opsre
Product go-ldap-admin
Weakness CWE-321
Published December 3, 2025
Last update December 3, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead to use of hard-coded cryptographic key . The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

December 3, 2025 CVE published
December 3, 2025 Record updated