Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-jvvc-sgja-6kc4
Summary
The
equipment grants a JWT token for each connection in the timeline, but during an
active valid session, a hijacking of the token can be done. This will allow an
attacker with the token modify parameters of security, access or even steal the
session without
the legitimate and active session detecting it. The web server allows the
attacker to reuse an old session JWT token while the legitimate session is
active.
Aliases
0
alias CVE-2025-64386
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64386
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13409
published_at 2026-06-11T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13502
published_at 2026-06-14T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13529
published_at 2026-06-13T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13526
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64386
1
reference_url https://www.hackrtu.com/blog/cg-0day-en-003/
reference_id cg-0day-en-003
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-03T14:22:45Z/
url https://www.hackrtu.com/blog/cg-0day-en-003/
2
reference_url https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./
reference_id D80010.
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-03T14:22:45Z/
url https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./
3
reference_url https://cds.thalesgroup.com/es/s21sec-about
reference_id s21sec-about
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-03T14:22:45Z/
url https://cds.thalesgroup.com/es/s21sec-about
Weaknesses
0
cwe_id 613
name Insufficient Session Expiration
description According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.
Exploits
Severity_range_score7.7 - 7.7
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-jvvc-sgja-6kc4