CVE Details
Basic Information
| Title | CVE-2025-4692 |
|---|---|
| Type | cve |
| Published | 2025-05-23T00:15:20 |
| Last Seen | 2025-05-23T00:23:25 |
CVSS Information
| Base Score | 6.8 (MEDIUM) |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | LOW |
| Availability Impact | LOW |
AI Analysis
| AI Description | A vulnerability exists in a cloud platform that allows an attacker to craft a malicious JWT token to escalate privileges. The vulnerability is due to improper validation of the JWT token by the platform. This could allow an attacker to gain unauthorized access to sensitive information or perform actions they are not authorized to do. |
|---|---|
| AI Severity | Medium |
| Vendor | Unknown |
| Product | Cloud Platform |
| Affected Version | |
Additional Information
| CVE List | CVE-2025-4692 |
|---|---|
| CWE List | CWE-266 |
| Bulletin Family | cve |
Description
Actors can use a maliciously crafted JavaScript Object Notation (JSON) Web Token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If…
CVSS Score Summary
Base Score: 6.8 (MEDIUM)