CVE-2025-64386

The
equipment grants a JWT token for each connection in the timeline, but during an
active valid session, a hijacking of the token can be done. This will allow an
attacker with the token modify parameters of security, access or even steal the
session without
the legitimate and active session detecting it. The web server allows the
attacker to reuse an old session JWT token while the legitimate session is
active.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
S21secCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./