CVE-2025-6391 | THREATINT

Description

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

PUBLISHED Reserved 2025-06-20 | Published 2025-07-17 | Updated 2025-07-18 | Assigner brocade

HIGH: 7.1CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-532: Insertion of Sensitive Information into Log File

Product status

Default status

unaffected

before 3.3.0

affected

References

support.broadcom.com/...l/content/SecurityAdvisories/0/35951

cve.org (CVE-2025-6391)

nvd.nist.gov (CVE-2025-6391)

Download JSON