CVE-2025-64386
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: S21sec
Exploitability
| CWE ID | Description |
|---|---|
| CWE-613 | According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." |
AI Powered Q&A
Can you explain this vulnerability to me?
The affected equipment issues a JWT for each connection, but while a valid session is still active an attacker can hijack that token. With it, the attacker can modify security parameters, gain unauthorized access, or take over the session without the legitimate user noticing. The underlying flaw is that the web server permits reuse of an old session JWT while the legitimate session is still active.
How can this vulnerability impact me?
The vulnerability can allow an attacker to hijack an active session by reusing an old JWT token, potentially enabling unauthorized access, modification of security parameters, or session theft without detection by the legitimate user. This can lead to compromised security and unauthorized actions within the affected system.