{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T09:44:18.663","vulnerabilities":[{"cve":{"id":"CVE-2025-64386","sourceIdentifier":"50b5080a-775f-442e-83b5-926b5ca517b6","published":"2025-10-31T14:16:13.510","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The\nequipment grants a JWT token for each connection in the timeline, but during an\nactive valid session, a hijacking of the token can be done. This will allow an\nattacker with the token modify parameters of security, access or even steal the\nsession without\nthe legitimate and active session detecting it. The web server allows the\nattacker to reuse an old session JWT token while the legitimate session is\nactive."},{"lang":"es","value":"El equipo otorga un token JWT para cada conexión en la línea de tiempo, pero durante una sesión válida activa, se puede realizar un secuestro del token. Esto permitirá a un atacante con el token modificar parámetros de seguridad, acceso o incluso robar la sesión sin que la sesión legítima y activa lo detecte. El servidor web permite al atacante reutilizar un token JWT de sesión antiguo mientras la sesión legítima está activa."}],"metrics":{"cvssMetricV40":[{"source":"50b5080a-775f-442e-83b5-926b5ca517b6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"50b5080a-775f-442e-83b5-926b5ca517b6","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://cds.thalesgroup.com/es/s21sec-about","source":"50b5080a-775f-442e-83b5-926b5ca517b6"},{"url":"https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./","source":"50b5080a-775f-442e-83b5-926b5ca517b6"},{"url":"https://www.hackrtu.com/blog/cg-0day-en-003/","source":"50b5080a-775f-442e-83b5-926b5ca517b6"}]}}]}