CVE-2025-64386

Vulnerability Description

The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.

Related Weaknesses (CWE)

References

• https://cds.thalesgroup.com/es/s21sec-about
• https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pas
• https://www.hackrtu.com/blog/cg-0day-en-003/

FAQ

What is CVE-2025-64386?

CVE-2025-64386 is a documented vulnerability. The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parame...

How severe is CVE-2025-64386?

CVSS scoring is not yet available for CVE-2025-64386. Check NVD for updates.

Is there a patch for CVE-2025-64386?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.