1. Home
  2. CVE Database
  3. CVE-2025-26499
MEDIUM · 6.0

CVE-2025-26499

Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting ...

Vulnerability Description

Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user’s system rights and data access.

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-270

References

FAQ

What is CVE-2025-26499?

CVE-2025-26499 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting ...

How severe is CVE-2025-26499?

CVE-2025-26499 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-26499?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.