CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Creativeitem: >> Academy Lms >> 5.14 Security Vulnerabilities

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.

CVSS Score

9.4

EPSS Score

0.001

Published

2025-10-15

Page 1

Vulnerabilities

Vulnerable Software

Creativeitem: >> Academy Lms >> 5.14 Security Vulnerabilities

Products

Pricing

Contact Us