CVE Catalog

CVE-2025-40646

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

A vulnerability in Viday exposes sensitive information by allowing an attacker to intercept HTTP requests and extract JWT tokens containing user data in the payload.

Risk Assessment

An attacker could obtain confidential customer information, such as personal or authentication data, leading to privacy breaches and potential financial losses.

Recommendation

Immediately update Viday to the latest version, enforce HTTPS encryption, and remove sensitive data from the JWT payload.

Original NVD description (English source)

Exposure of sensitive information in Viday. This vulnerability could allow an attacker to obtain sensitive information about customers by intercepting HTTP requests and searching for the JWT containing sensitive user information in the JWT payload.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS