HIJACKING OF THE TOKEN AND GAINING ACCESS_CVE-2025-64386

7.7 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The
equipment grants a JWT token for each connection in the timeline, but during an
active valid session, a hijacking of the token can be done. This will allow an
attacker with the token modify parameters of security, access or even steal the
session without
the legitimate and active session detecting it. The web server allows the
attacker to reuse an old session JWT token while the legitimate session is
active.

Basic Information

ID CVE-2025-64386

Source S21sec

Published Oct 31, 2025 at 13:42

Modified Oct 31, 2025 at 17:48

Affected Product

Vendor Circutor

Product TCPRS1plus

Version 1.0.14

Affected Versions Circutor TCPRS1plus 1.0.14

CWE Classification

CWE-613

References

circutor.com /productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./

{
    "lastseen": "",
    "description": "The\nequipment grants a JWT token for each connection in the timeline, but during an\nactive valid session, a hijacking of the token can be done. This will allow an\nattacker with the token modify parameters of security, access or even steal the\nsession without\nthe legitimate and active session detecting it. The web server allows the\nattacker to reuse an old session JWT token while the legitimate session is\nactive.",
    "published": "2025-10-31T13:42:32.743Z",
    "modified": "2025-10-31T17:48:32.514Z",
    "type": "cve",
    "title": "HIJACKING OF THE TOKEN AND GAINING ACCESS",
    "source": "S21sec",
    "references": "https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./",
    "id": "CVE-2025-64386",
    "bulletinFamily": "",
    "cwe": [
        "CWE-613"
    ],
    "cvelist": null,
    "sourceData": "Circutor TCPRS1plus 1.0.14",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TCPRS1plus",
    "version": "1.0.14",
    "vendor": "Circutor",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}