JSON Web Token (JWT) Exposure in Log Files_CVE-2025-6391

7.1 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Brocade ASCG before 3.3.0 logs JSON
Web Tokens (JWT) in log files. An attacker with access to the log files
can withdraw the unencrypted tokens with security implications, such as
unauthorized access, session hijacking, and information disclosure.

Basic Information

ID CVE-2025-6391

Source brocade

Published Jul 17, 2025 at 21:45

Modified Jul 18, 2025 at 14:11

Affected Product

Vendor Broadcom

Product Brocade ASCG

Version before 3.3.0

Affected Versions Broadcom Brocade ASCG before 3.3.0

CWE Classification

CWE-532

References

support.broadcom.com /web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951

{
    "lastseen": "",
    "description": "Brocade ASCG before 3.3.0 logs JSON \nWeb Tokens (JWT) in log files. An attacker with access to the log files \n can withdraw the unencrypted tokens with security implications, such as\n unauthorized access, session hijacking, and information disclosure.",
    "published": "2025-07-17T21:45:27.024Z",
    "modified": "2025-07-18T14:11:11.224Z",
    "type": "cve",
    "title": "JSON Web Token (JWT) Exposure in Log Files",
    "source": "brocade",
    "references": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951",
    "id": "CVE-2025-6391",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "Broadcom Brocade ASCG before 3.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Brocade ASCG",
    "version": "before 3.3.0",
    "vendor": "Broadcom",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}