{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "0.62.19"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "c2da766832631adc7e504582e380f9a3e0dc3c5e"
            },
            {
              "fixed": "5769f8782b7453ca1c22a201b224b5ce48532f64"
            },
            {
              "fixed": "f5636dfdd67d5b5ce3862fa6730eb61a827a6757"
            }
          ],
          "repo": "https://github.com/pommee/goaway",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication.",
  "id": "CVE-2025-65730",
  "modified": "2026-04-01T23:07:45.674723994Z",
  "published": "2025-12-05T16:15:50.773Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pommee/goaway/blob/v0.62.18/backend/api/auth.go#L48"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L69"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L88"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L110"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pommee/goaway/blob/v0.62.18/backend/api/middleware.go#L40"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/pommee/goaway/releases/tag/v0.62.16"
    },
    {
      "type": "FIX",
      "url": "https://github.com/pommee/goaway/commit/5769f8782b7453ca1c22a201b224b5ce48532f64#diff-4ddfd6cf1311ddfd45734bb1dc53bc208df69584ba92ac4f38866bd558434678L15-L40"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/gian2dchris/CVEs/tree/CVE-2025-65730/CVE-2025-65730"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}