{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55306", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-08-12T16:15:30.239Z", "datePublished": "2025-08-19T18:19:15.839Z", "dateUpdated": "2025-08-19T20:50:19.199Z"}, "containers": {"cna": {"title": "GenX_FX authentication bypass in JWT validation", "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "lang": "en", "description": "CWE-522: Insufficiently Protected Credentials", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Mouy-leng/GenX_FX/security/advisories/GHSA-2xjq-pvwj-mvm6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Mouy-leng/GenX_FX/security/advisories/GHSA-2xjq-pvwj-mvm6"}], "affected": [{"vendor": "Mouy-leng", "product": "GenX_FX", "versions": [{"version": "<= 1.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-19T18:19:15.839Z"}, "descriptions": [{"lang": "en", "value": "GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.)."}], "source": {"advisory": "GHSA-2xjq-pvwj-mvm6", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-19T20:49:35.867951Z", "id": "CVE-2025-55306", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-19T20:50:19.199Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-55306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-19T20:49:35.867951Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-19T20:49:38.043Z"}}], "cna": {"title": "GenX_FX authentication bypass in JWT validation", "source": {"advisory": "GHSA-2xjq-pvwj-mvm6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Mouy-leng", "product": "GenX_FX", "versions": [{"status": "affected", "version": "<= 1.0.0"}]}], "references": [{"url": "https://github.com/Mouy-leng/GenX_FX/security/advisories/GHSA-2xjq-pvwj-mvm6", "name": "https://github.com/Mouy-leng/GenX_FX/security/advisories/GHSA-2xjq-pvwj-mvm6", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522: Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-19T18:19:15.839Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55306", "state": "PUBLISHED", "dateUpdated": "2025-08-19T20:50:19.199Z", "dateReserved": "2025-08-12T16:15:30.239Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-19T18:19:15.839Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.)."}, {"lang": "es", "value": "GenX_FX es una plataforma avanzada de trading con inteligencia artificial (IA) enfocada en el trading de forex. Se identific\u00f3 una vulnerabilidad en el backend de GenX FX que podr\u00eda exponer las claves API y los tokens de autenticaci\u00f3n si las variables de entorno est\u00e1n mal configuradas. Usuarios no autorizados podr\u00edan acceder a recursos en la nube (Google Cloud, Firebase, GitHub, etc.)."}], "id": "CVE-2025-55306", "lastModified": "2025-08-20T14:40:17.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-08-19T19:15:37.067", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Mouy-leng/GenX_FX/security/advisories/GHSA-2xjq-pvwj-mvm6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}