CVE-2025-64386
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-10-31

Last updated on: 2025-11-04

Assigner: S21sec

Description
The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-11-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64386
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-613 According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the equipment granting a JWT token for each connection in the timeline, but during an active valid session, an attacker can hijack the token. This allows the attacker to modify security parameters, gain unauthorized access, or steal the session without the legitimate user detecting it. The web server permits reuse of an old session JWT token while the legitimate session is still active.

Impact Analysis

The vulnerability can allow an attacker to hijack an active session by reusing an old JWT token, potentially enabling unauthorized access, modification of security parameters, or session theft without detection by the legitimate user. This can lead to compromised security and unauthorized actions within the affected system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64386. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart