CVE-2025-64386 – HIJACKING OF THE TOKEN AND GAINING ACCESS

CVE ID : CVE-2025-64386

Published : Oct. 31, 2025, 2:16 p.m. | 1 hour, 10 minutes ago

Description : The
equipment grants a JWT token for each connection in the timeline, but during an
active valid session, a hijacking of the token can be done. This will allow an
attacker with the token modify parameters of security, access or even steal the
session without
the legitimate and active session detecting it. The web server allows the
attacker to reuse an old session JWT token while the legitimate session is
active.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-6428 – Koha SQL Injection

CVE-2026-5513 – Online Scheduling and Appointment Booking System – Bookly

CVE-2026-11624 – Model Context Protocol DNS Rebinding Vulnerability

CVE-2026-1291 – Meow Gallery