CVE-2025-66432
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-30
Last updated on: 2025-11-30
Assigner: MITRE
Description
Description
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oxide_computer | oxide | 17 |
| oxide_computer | oxide | 15 |
| oxide_computer | oxide | 16 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-420 | The product protects a primary channel, but it does not use the same level of protection for an alternate channel. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oxide control plane versions 15 through 17 before 17.1, where API tokens can be renewed even after their expiration date, allowing continued use beyond intended limits.
How can this vulnerability impact me? :
The vulnerability can allow an attacker or user with access to API tokens to extend their validity beyond expiration, potentially leading to unauthorized actions or prolonged access to the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70