CVE-2025-66432
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-30

Last updated on: 2025-11-30

Assigner: MITRE

Description
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-30
Last Modified
2025-11-30
Generated
2026-06-16
AI Q&A
2025-11-30
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66432
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
oxide_computer oxide 17
oxide_computer oxide 15
oxide_computer oxide 16
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-420 The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Oxide control plane versions 15 through 17 before 17.1, where API tokens can be renewed even after their expiration date, allowing continued use beyond intended limits.

Impact Analysis

The vulnerability can allow an attacker or user with access to API tokens to extend their validity beyond expiration, potentially leading to unauthorized actions or prolonged access to the system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart