Overview
CVE-2025-13877 describes a medium-severity vulnerability found in NocoBase versions up to 1.9.4 and 2.0.0-alpha.37. This flaw involves the use of a hard-coded cryptographic key within the JWT Service component, specifically affecting the nocobase\packages\core\auth\src\base\jwt-service.ts file. Successful exploitation of this vulnerability allows for remote attackers to potentially compromise the system.
Technical Details
The vulnerability resides in the JWT Service component of NocoBase. The specific issue is the use of a hard-coded cryptographic key when handling the API_KEY argument. An attacker can leverage this weakness to forge or manipulate JWT (JSON Web Tokens), potentially gaining unauthorized access or performing actions on behalf of legitimate users. The complexity of exploiting this vulnerability is rated as high due to factors which may involve timing issues or other prerequisite conditions.
The affected file is nocobase\packages\core\auth\src\base\jwt-service.ts.
It is important to note that the exploit for this vulnerability is now publicly available.
Attempts to contact the vendor regarding this vulnerability have been unsuccessful.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-13877 is 5.6 (Medium).
This score reflects the following characteristics:
- Attack Vector: Network (AV:N)
- Attack Complexity: High (AC:H)
- Privileges Required: None (PR:N)
- User Interaction: None (UI:N)
- Scope: Unchanged (S:U)
- Confidentiality Impact: Low (C:L)
- Integrity Impact: Low (I:L)
- Availability Impact: None (A:N)
Possible Impact
Exploitation of CVE-2025-13877 could lead to several negative consequences, including:
- Unauthorized Access: Attackers could forge JWTs to gain unauthorized access to the system.
- Data Manipulation: Attackers may be able to modify data within the application by crafting malicious JWTs.
- Account Takeover: In certain scenarios, attackers could potentially take over user accounts.
Mitigation or Patch Steps
As the vendor has not responded, immediate patching may not be available. Consider the following mitigation steps:
- Review and Harden JWT Implementation: Thoroughly review the JWT implementation in your NocoBase instance and consider replacing the affected JWT Service with a more secure alternative if possible.
- Web Application Firewall (WAF): Implement a Web Application Firewall (WAF) with rules designed to detect and block malicious JWTs.
- Monitor Logs: Closely monitor application logs for any suspicious activity related to JWT authentication.
- Restrict Network Access: Limit network access to the NocoBase instance to only trusted sources.
- Consider Alternative Solutions: If possible, explore alternative solutions or frameworks that do not rely on the vulnerable JWT Service component.
Important: This is a critical vulnerability, and immediate action is recommended to mitigate the risk.
