CVE-2025-26499

Medium CVSS: 6.0

Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user’s system rights and data access.

Vendor

Product

CWE

CWE-270

Yayın Tarihi

2025-09-11 17:15:34

Güncelleme

2025-09-15 15:22:38

Source Identifier

0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8

KEV Date Added

Kategoriler

CWE-270 MEDIUM 2025

Referanslar

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26499 https://www.windriver.com/security/vulnerability-responses/CVE-2025-26499