CVE-2025-55306 CRITICAL

CVE-2025-55306: GenX_FX authentication bypass in JWT validation

Vendor Mouy-Leng
Product GenX_FX
Weakness CWE-522 · Insufficiently protected credentials
Published August 19, 2025
Last update August 19, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.).

Key dates

02Disclosure timeline

August 19, 2025 CVE published
August 19, 2025 Record updated