CVE-2025-30064 — An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an — CVE Database · The Intelligence Room