CVE-2025-64386 in TCPRS1plus

Summary

by MITRE • 31.10.2025

The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token to modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.

Responsible

S21sec

Reserved

31.10.2025

Published

31.10.2025

Moderation

accepted

Entry

VDB-330811

CPE

ready

EPSS

0.00045

KEV

no

Activities

very low
