{"id":43337,"date":"2025-05-23T20:21:53","date_gmt":"2025-05-23T20:21:53","guid":{"rendered":""},"modified":"2025-10-22T19:05:12","modified_gmt":"2025-10-23T01:05:12","slug":"cve-2025-47945-critical-vulnerability-in-donetick-task-management-application-allows-full-account-takeover","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-47945-critical-vulnerability-in-donetick-task-management-application-allows-full-account-takeover\/","title":{"rendered":"<strong>CVE-2025-47945: Critical Vulnerability in Donetick Task Management Application Allows Full Account Takeover<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The Common Vulnerabilities and Exposures (CVE) system has recently identified a critical vulnerability, labeled CVE-2025-47945, in the Donetick open-source application used for managing tasks and chores. This vulnerability can lead to a full user account takeover, potentially compromising system security and leading to data leakage. Given the widespread usage of Donetick, this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-40566-severe-user-session-vulnerability-in-simatic-pcs-neo-products\/\"  data-wpil-monitor-id=\"48876\">vulnerability presents a significant risk to system administrators and users<\/a> alike, necessitating immediate attention and mitigation.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-47945<br \/>\nSeverity: Critical (CVSS score 9.1)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: Full account takeover, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-27891-samsung-mobile-and-wearable-processors-vulnerability-leads-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"49309\">potential system<\/a> compromise, and data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-2002800109\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Donetick | <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-48481-critical-vulnerability-in-freescout-prior-to-version-1-8-180\/\"  data-wpil-monitor-id=\"57193\">Prior to version<\/a> 0.1.44<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4648-integrity-check-vulnerability-in-centreon-web-leading-to-potential-xss-injection\/\"  data-wpil-monitor-id=\"49888\">vulnerability arises from the application&#8217;s use of JSON Web<\/a> Tokens (JWT) for user authentication. In versions of the application prior to 0.1.44, the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-45746-unauthorized-system-access-via-hardcoded-jwt-secret-in-zkt-zkbio-cvsecurity\/\"  data-wpil-monitor-id=\"48931\">JWT signing secret<\/a> has a weak default value. The onus is on the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7093-critical-vulnerability-in-belkin-f9k1122-1-00-33-impacting-system-security-and-data-integrity\/\"  data-wpil-monitor-id=\"91121\">system administrator to change this value to something more secure<\/a>. However, this approach is inadequate and has led to the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-40906-critical-vulnerability-in-bson-xs-versions-0-8-4-and-earlier\/\"  data-wpil-monitor-id=\"50663\">vulnerability being present in the live version<\/a> of the app. If an attacker can predict or brute force the JWT signing key, they can generate valid JWTs and impersonate any user of the application, leading to a potential full <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-48187-ragflow-account-takeover-due-to-brute-force-attack-vulnerability\/\"  data-wpil-monitor-id=\"51204\">account takeover<\/a>.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3915612087\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>The following is a conceptual example of how an attacker might <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-45997-exploiting-file-upload-vulnerability-in-web-based-pharmacy-product-management-system\/\"  data-wpil-monitor-id=\"57194\">exploit this vulnerability<\/a>:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/user\/login HTTP\/1.1\nHost: vulnerable-donetick.com\nContent-Type: application\/json\n{ &quot;username&quot;: &quot;victim&quot;, &quot;jwt&quot;: &quot;eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&quot; }<\/code><\/pre>\n<p>In this example, the attacker sends a POST <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47708-cross-site-request-forgery-vulnerability-in-drupal-enterprise-mfa-tfa\/\"  data-wpil-monitor-id=\"49783\">request to the login endpoint of the vulnerable<\/a> Donetick application. The attacker supplies a malicious <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-35940-hard-coded-jwt-signing-key-vulnerability-in-archiverspaapi-asp-net-application\/\"  data-wpil-monitor-id=\"63024\">JWT (in this case, a JWT they have generated using the weak default signing<\/a> secret) in place of a legitimate JWT, allowing them to impersonate the victim.<\/p>\n<p><strong>Mitigation and Conclusion<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-48477-critical-vulnerability-in-freescout-prior-to-version-1-8-180\/\"  data-wpil-monitor-id=\"57821\">vulnerability has been addressed in version<\/a> 0.1.44 of Donetick, and it is strongly recommended that users update to this version as soon as possible. As a temporary mitigation, Web Application Firewalls (WAF) or Intrusion Detection Systems (IDS) can be used to monitor and block malicious traffic. However, these measures should not replace the need for patching and updating the application. By staying current with <a href=\"https:\/\/www.ameeba.com\/blog\/unpacking-politico-s-weekly-cybersecurity-update-a-deep-dive-into-the-latest-threat-landscape\/\"  data-wpil-monitor-id=\"50540\">updates and adopting strong cybersecurity<\/a> practices, users can significantly reduce the risk posed by vulnerabilities such as CVE-2025-47945.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The Common Vulnerabilities and Exposures (CVE) system has recently identified a critical vulnerability, labeled CVE-2025-47945, in the Donetick open-source application used for managing tasks and chores. This vulnerability can lead to a full user account takeover, potentially compromising system security and leading to data leakage. Given the widespread usage of Donetick, this vulnerability presents [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-43337","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/43337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=43337"}],"version-history":[{"count":12,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/43337\/revisions"}],"predecessor-version":[{"id":84140,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/43337\/revisions\/84140"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=43337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=43337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=43337"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=43337"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=43337"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=43337"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=43337"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=43337"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=43337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}