published date: July 17, 2025

CVE-2025-6391 : Unauthorized Access Vulnerability

Description

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

CVSS:7.1 [Critical]
EPSS:0.00%
Exploitability:0
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2025-6391, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2025-6391 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://capec.mitre.org/data/definitions/215.html
https://nvd.nist.gov/vuln/detail/CVE-2025-6391

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales