Description

The equipment grants a JWT for each connection in the timeline, but the token can be hijacked during an active, valid session. This allows an attacker holding the token to modify parameters of security, access or even steal the session without the legitimate, active session detecting it. The web server allows the attacker to reuse an old session JWT while the legitimate session is active.

INFO

Published Date: 2025-10-31T13:42:32.743Z

Last Modified: 2025-11-03T15:51:03.421Z

Source: S21sec

AFFECTED PRODUCTS

The following products are affected by CVE-2025-64386 vulnerability.

Vendor: Circutor
Product: Tcprs1plus

REFERENCES

CVSS Vulnerability Scoring System

Vector metrics: Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, VS Confidentiality, VS Integrity, VS Availability, SS Confidentiality, SS Integrity, SS Availability