Vulnerability Description
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The identifier of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mist | Mist | < 4.7.2 |
Related Weaknesses (CWE)
References
- https://github.com/Stolichnayer/mist-ce-account-takeoverExploitThird Party Advisory
- https://github.com/mistio/mist-ce/releases/tag/v4.7.2Release Notes
- https://github.com/mistio/mist.api/commit/db10ecb62ac832c1ed4924556d167efb9bc07fPatch
- https://vuldb.com/?ctiid.310749Permissions RequiredVDB Entry
- https://vuldb.com/?id.310749Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.583531Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-5409?
CVE-2025-5409 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API ...
How severe is CVE-2025-5409?
CVE-2025-5409 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5409?
Check the references section above for vendor advisories and patch information. Affected products include: Mist Mist.