{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90374?format=json","vulnerability_id":"VCID-jvvc-sgja-6kc4","summary":"The\nequipment grants a JWT token for each connection in the timeline, but during an\nactive valid session, a hijacking of the token can be done. This will allow an\nattacker with the token modify parameters of security, access or even steal the\nsession without\nthe legitimate and active session detecting it. The web server allows the\nattacker to reuse an old session JWT token while the legitimate session is\nactive.","aliases":[{"alias":"CVE-2025-64386"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64386","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13409","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13502","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13529","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13526","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-64386"},{"reference_url":"https://www.hackrtu.com/blog/cg-0day-en-003/","reference_id":"cg-0day-en-003","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-03T14:22:45Z/"}],"url":"https://www.hackrtu.com/blog/cg-0day-en-003/"},{"reference_url":"https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./","reference_id":"D80010.","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-03T14:22:45Z/"}],"url":"https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./"},{"reference_url":"https://cds.thalesgroup.com/es/s21sec-about","reference_id":"s21sec-about","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-03T14:22:45Z/"}],"url":"https://cds.thalesgroup.com/es/s21sec-about"}],"weaknesses":[{"cwe_id":613,"name":"Insufficient Session Expiration","description":"According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."}],"exploits":[],"severity_range_score":"7.7 - 7.7","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvvc-sgja-6kc4"}