CVE-2025-26499
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-09-15

Assigner: WindRiver

Description
Under heavy system utilization, a random race condition can occur during an authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs, a user would be inadvertently exposed to another user’s system rights and data access.
Meta Information

Published: 2025-09-11

Last Modified: 2025-09-15

Generated: 2026-05-27

AI Q&A: 2025-09-11

EPSS Evaluated: 2026-05-25

Affected Vendors & Products
Showing 2 associated CPEs
Vendor      Product           Version / Range
wind_river  studio_developer  24.11
wind_river  studio_developer  25.05
CWE ID   Description
CWE-270  The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition that occurs under heavy system utilization during authentication or token refresh. It can cause one user to be mistakenly granted an authentication token meant for another user, allowing impersonation until the session ends. Exploitation requires concurrent actions by two users and cannot be intentionally triggered.


How can this vulnerability impact me?

If this vulnerability occurs, a user may inadvertently gain access to another user's system rights and data, leading to unauthorized access and potential data exposure until the session ends.

