CVE-2025-55049

The system uses a fixed, unchangeable cryptographic key instead of unique keys for each installation, allowing attackers who obtain the key to decrypt all protected data. This is critical because the default key is easily discoverable and compromises all security.

CWE-1394 vulnerability where a hardcoded cryptographic key is used across all instances without requiring user configuration or rotation. An attacker with access to the codebase or compiled binaries can extract the key and decrypt sensitive data encrypted with it, completely bypassing confidentiality controls.