A critical authentication vulnerability exists in multiple Ever Gauzy products, identified as CVE-2023-53951. This flaw stems from a weak secret key used for signing JSON Web Tokens (JWTs), allowing an attacker to forge authentication tokens and gain full administrative access to the affected application. Successful exploitation could lead to a complete system compromise, data breach, and operational disruption.

The vulnerability lies in the weak implementation of the HMAC secret key used for JWT-based authentication. The secret key, which is supposed to be cryptographically strong and confidential, is likely hardcoded, easily guessable, or otherwise exposed. An attacker can obtain this weak secret, forge a new JWT with arbitrary claims—such as elevating their privileges to an administrator role—and sign it with the compromised key. The application will trust this malicious token, granting the attacker unauthorized administrative access.

This vulnerability is rated as critical with a CVSS score of 9.8, reflecting the high potential for damage. An attacker with administrative privileges can perform any action within the application, including accessing, modifying, or exfiltrating sensitive company and customer data, disrupting business operations, and deploying additional malware. The consequences of exploitation include severe financial loss, reputational damage, regulatory fines, and a complete loss of confidentiality, integrity, and availability for the affected systems.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately.

• Update Ever Gauzy Multiple Products to the latest version that addresses this vulnerability.
• After patching, review all user accounts, especially those with administrative privileges, for any signs of unauthorized creation or modification.
• Review access logs for any evidence of compromise that may have occurred before the patch was applied.

Proactive Monitoring:

• Monitor application and server logs for unusual authentication patterns, such as repeated login failures followed by a success from an unknown IP address, or the use of malformed JWTs.
• Scrutinize logs for any administrative actions (e.g., user creation, permission changes, data export) originating from suspicious sources or occurring at unusual times.
• Implement network traffic analysis to detect anomalous API calls consistent with an attacker exploring the system with elevated privileges.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Restrict network access to the affected application, placing it behind a firewall or VPN and limiting access to only trusted IP addresses.
• Deploy a Web Application Firewall (WAF) with rules specifically designed to inspect and block suspicious or malformed JWTs.
• Enforce multi-factor authentication (MFA) for all users, especially administrators, to add another layer of security.

Public Exploit Available: False

Given the critical severity of this vulnerability and its potential for complete system compromise, immediate action is required. We strongly recommend that all organizations using affected Ever Gauzy products prioritize applying the vendor-supplied patches without delay. Although this vulnerability is not currently listed in the CISA KEV catalog, its high impact and the ease of exploitation make it a significant threat. If patching is delayed, the compensating controls outlined above should be implemented immediately to mitigate the risk of a breach.