CVE-2025-66432
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-66432, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-30

Last updated on: 2025-11-30

Assigner: MITRE

Description

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-30
Last Modified
2025-11-30
Generated
2026-07-06
AI Q&A
2025-11-30
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
oxide_computer oxide 17
oxide_computer oxide 15
oxide_computer oxide 16

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-420 The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Oxide control plane versions 15 through 17 before 17.1, where API tokens can be renewed even after their expiration date, allowing continued use beyond intended limits.

Impact Analysis

The vulnerability can allow an attacker or user with access to API tokens to extend their validity beyond expiration, potentially leading to unauthorized actions or prolonged access to the system.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart