CVE-2025-6391

JSON Web Token (JWT) Exposure in Log Files

Description

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

INFO

Published Date :

2025-07-17T21:45:27.024Z

Last Modified :

2025-07-18T14:11:11.224Z

Source :

brocade

AFFECTED PRODUCTS

The following products are affected by CVE-2025-6391 vulnerability.

Vendors	Products
Broadcom	Brocade Active Support Connectivity Gateway

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6391.

URL	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact