CVE-2025-70963
Summary: CVE-2025-70963 affects Gophish prior to 0.12.1. The admin dashboard exposes each user’s long‑lived API key directly in the rendered HTML/JavaScript on login, enabling access to permanent API credentials from browser scripts. This is an Incorrect Access Control vulnerability with HIGH imp...