CVE Vulnerabilities

CVE-2025-49151

Use of Hard-coded, Security-relevant Constants

Published: Jun 25, 2025 | Modified: Jun 26, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.

Weakness

The product uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy change.

Potential Mitigations

References