CVE-2025-64386

The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.

CVSS

No CVSS.

References

Link	Resource
https://cds.thalesgroup.com/es/s21sec-about
https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./
https://www.hackrtu.com/blog/cg-0day-en-003/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) El equipo otorga un token JWT para cada conexión en la línea de tiempo, pero durante una sesión válida activa, se puede realizar un secuestro del token. Esto permitirá a un atacante con el token modificar parámetros de seguridad, acceso o incluso robar la sesión sin que la sesión legítima y activa lo detecte. El servidor web permite al atacante reutilizar un token JWT de sesión antiguo mientras la sesión legítima está activa.

03 Nov 2025, 16:15

Type	Values Removed	Values Added
References		() https://cds.thalesgroup.com/es/s21sec-about - () https://www.hackrtu.com/blog/cg-0day-en-003/ -

31 Oct 2025, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-31 14:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-64386

Mitre link : CVE-2025-64386

CVE.ORG link : CVE-2025-64386

JSON object : View

Products Affected

No product.

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-64386", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "50b5080a-775f-442e-83b5-926b5ca517b6", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-31T14:16:13.510", "references": [{"url": "https://cds.thalesgroup.com/es/s21sec-about", "source": "50b5080a-775f-442e-83b5-926b5ca517b6"}, {"url": "https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./", "source": "50b5080a-775f-442e-83b5-926b5ca517b6"}, {"url": "https://www.hackrtu.com/blog/cg-0day-en-003/", "source": "50b5080a-775f-442e-83b5-926b5ca517b6"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "50b5080a-775f-442e-83b5-926b5ca517b6", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "The\nequipment grants a JWT token for each connection in the timeline, but during an\nactive valid session, a hijacking of the token can be done. This will allow an\nattacker with the token modify parameters of security, access or even steal the\nsession without\nthe legitimate and active session detecting it. The web server allows the\nattacker to reuse an old session JWT token while the legitimate session is\nactive."}, {"lang": "es", "value": "El equipo otorga un token JWT para cada conexi\u00f3n en la l\u00ednea de tiempo, pero durante una sesi\u00f3n v\u00e1lida activa, se puede realizar un secuestro del token. Esto permitir\u00e1 a un atacante con el token modificar par\u00e1metros de seguridad, acceso o incluso robar la sesi\u00f3n sin que la sesi\u00f3n leg\u00edtima y activa lo detecte. El servidor web permite al atacante reutilizar un token JWT de sesi\u00f3n antiguo mientras la sesi\u00f3n leg\u00edtima est\u00e1 activa."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "50b5080a-775f-442e-83b5-926b5ca517b6"}