CVE-2025-6391
BaseFortify

Publication date: 2025-07-17

Last updated on: 2026-04-06

Assigner: Brocade Communications Systems, LLC

Description
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can extract the unencrypted tokens, with security implications such as unauthorized access, session hijacking, and information disclosure.
Meta Information
Published: 2025-07-17
Last Modified: 2026-04-06
Generated: 2026-05-07
AI Q&A: 2025-07-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: broadcom
Product: brocade_active_support_connectivity_gateway
Version / Range: up to 3.2.0 (inclusive)
CWE
CWE ID: CWE-532
Description: The product writes sensitive information to a log file.
AI Powered Q&A
How can this vulnerability impact me?

If an attacker accesses the log files containing unencrypted JWTs, they can use these tokens to impersonate legitimate users, hijack sessions, gain unauthorized access to systems or data, and potentially disclose sensitive information.


Can you explain this vulnerability to me?

This vulnerability involves Brocade ASCG versions before 3.3.0 logging JSON Web Tokens (JWT) in log files. An attacker who gains access to these log files can extract the unencrypted tokens, which can lead to security issues such as unauthorized access, session hijacking, and information disclosure.
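
As an added example (not Brocade's code and not part of the original advisory), a log filter for the CWE-532 condition described above: it finds structurally valid JWTs in log lines and replaces each with a truncated SHA-256 fingerprint, so entries can still be correlated without exposing the token. The sample token, the log lines and all function names are constructed for illustration.

```python
import base64, hashlib, json, re

# Three base64url segments; a compact JSON object header encodes to a string starting "eyJ".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _b64url_json(segment):
    """Decode one base64url segment to a dict, or return None."""
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        obj = json.loads(raw)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def is_jwt(candidate):
    """Cut false positives: header must be JSON with "alg", payload must be JSON."""
    header, payload, _sig = candidate.split(".")
    hdr = _b64url_json(header)
    return hdr is not None and "alg" in hdr and _b64url_json(payload) is not None

def redact_line(line):
    """Return (redacted_line, fingerprints) for one log line."""
    found = []
    def _sub(m):
        tok = m.group(0)
        if not is_jwt(tok):
            return tok  # looks like a token but is not one; leave untouched
        fp = hashlib.sha256(tok.encode()).hexdigest()[:12]
        found.append(fp)
        return f"[REDACTED-JWT sha256:{fp}]"
    return JWT_RE.sub(_sub, line), found

def _make_token(claims):
    # Constructed sample token; the signature segment is filler, not a real MAC.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
                     enc(json.dumps(claims).encode()), enc(b"not-a-real-signature")])

SAMPLE_TOKEN = _make_token({"sub": "demo-user", "exp": 1700000000})
SAMPLE_LOG = [  # constructed log lines, not actual ASCG output
    f"2025-07-01 10:00:01 DEBUG auth header: Bearer {SAMPLE_TOKEN}",
    "2025-07-01 10:00:02 INFO heartbeat ok",
    "2025-07-01 10:00:03 DEBUG blob eyJunk.notjson.value",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact_line(entry)[0])
```

Redacting stored logs does not invalidate tokens that were already written; any token the filter finds should be treated as exposed until it expires or is revoked.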

