Coze Studio
Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:coze-studio:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Coze Studio (38b8e147-2805-57eb-99df-14c87ef108e5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9604 |
vulnerable | 2026-06-08 07:47:09.337226 |
coze-studio aes.go hard-coded key
LOW (3.7)
A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key
. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. To fix this issue, it is recommended to deploy a patch. The vendor replied to the GitHub issue (translated from simplified Chinese): "For scenarios requiring encryption, we will implement user-defined key management through configuration and optimize the use of encryption tools, such as random salt."
Published: 2025-08-29T01:32:09.045Z
Updated: 2025-08-29T13:36:16.125Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.