CVE-2025-6391

CRITICAL

9.1

Beschreibung

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

CVE Details

CVSS v3.1 Bewertung9.1

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht7/17/2025

Zuletzt geandert4/6/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

broadcom:brocade_active_support_connectivity_gateway

Schwachen (CWE)

CWE-532

Referenzen

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951(sirt@brocade.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.