The
equipment grants a JWT token for each connection in the timeline, but during an
active valid session, a hijacking of the token can be done. This will allow an
attacker with the token modify parameters of security, access or even steal the
session without
the legitimate and active session detecting it. The web server allows the
attacker to reuse an old session JWT token while the legitimate session is
active.
1.0.14 - AFFECTED
The equipment grants a JWT token for each connection in the timeline, but during an active valid...
https://github.com/advisories/GHSA-4m38-cfr7-jx25The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-64386",
"assignerOrgId": "50b5080a-775f-442e-83b5-926b5ca517b6",
"assignerShortName": "S21sec",
"dateUpdated": "2025-10-31T17:48:32.514Z",
"dateReserved": "2025-10-31T13:13:35.299Z",
"datePublished": "2025-10-31T13:42:32.743Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "50b5080a-775f-442e-83b5-926b5ca517b6",
"shortName": "S21sec",
"dateUpdated": "2025-10-31T14:23:19.156Z"
},
"title": "HIJACKING OF THE TOKEN AND GAINING ACCESS",
"descriptions": [
{
"lang": "en",
"value": "The\nequipment grants a JWT token for each connection in the timeline, but during an\nactive valid session, a hijacking of the token can be done. This will allow an\nattacker with the token modify parameters of security, access or even steal the\nsession without\nthe legitimate and active session detecting it. The web server allows the\nattacker to reuse an old session JWT token while the legitimate session is\nactive.",
"supportingMedia": [
{
"type": "text/html",
"base64": false,
"value": " The\nequipment grants a JWT token for each connection in the timeline, but during an\nactive valid session, a hijacking of the token can be done. This will allow an\nattacker with the token modify parameters of security, access or even steal the\nsession without\nthe legitimate and active session detecting it. The web server allows the\nattacker to reuse an old session JWT token while the legitimate session is\nactive."
}
]
}
],
"affected": [
{
"vendor": "Circutor",
"product": "TCPRS1plus",
"defaultStatus": "unknown",
"versions": [
{
"version": "1.0.14",
"status": "affected",
"versionType": "Firmware"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-613 Insufficient Session Expiration",
"cweId": "CWE-613",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./"
}
],
"impacts": [
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Víctor Bello Cuevas",
"type": "finder"
},
{
"lang": "en",
"value": "Aarón Flecha Menéndez",
"type": "finder"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-31T17:48:32.514Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}