CVE-2025-40646
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A vulnerability in Viday exposes sensitive information by allowing an attacker to intercept HTTP requests and extract JWT tokens containing user data in the payload.
Risk Assessment
An attacker could obtain confidential customer information, such as personal or authentication data, leading to privacy breaches and potential financial losses.
Recommendation
Immediately update Viday to the latest version, enforce HTTPS encryption, and remove sensitive data from the JWT payload.
Original NVD description (English source)
Exposure of sensitive information in Viday. This vulnerability could allow an attacker to obtain sensitive information about customers by intercepting HTTP requests and searching for the JWT containing sensitive user information in the JWT payload.

