CVE-2025-64386
The
equipment grants a JWT token for each connection in the timeline, but during an
active valid session, a hijacking of the token can be done. This will allow an
attacker with the token modify parameters of security, access or even steal the
session without
the legitimate and active session detecting it. The web server allows the
attacker to reuse an old session JWT token while the legitimate session is
active.
equipment grants a JWT token for each connection in the timeline, but during an
active valid session, a hijacking of the token can be done. This will allow an
attacker with the token modify parameters of security, access or even steal the
session without
the legitimate and active session detecting it. The web server allows the
attacker to reuse an old session JWT token while the legitimate session is
active.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-10-31 14:16:13
Güncelleme
2025-11-04 15:41:31
Source Identifier
50b5080a-775f-442e-83b5-926b5ca517b6
KEV Date Added
-