216.73.216.133

CVE-2025-64386

· Published 31/10/2025 14:16 · Modified 31/10/2025 14:16

Labels: CVE-2025-64386 2025-10-3150b5080a-775f-442e-83b5-926b5ca517b6CVE-2025-64386CWE-613

Essential information

Published
31/10/2025 14:16
Modified
31/10/2025 14:16
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
50b5080a-775f-442e-83b5-926b5ca517b6
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / * cpe:2.3:a:*:*:*:*:*:*:*:*:*:*:*

References