CVE-2025-49152

The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07

Configurations

No configuration.

History

No history.

Information

Published : 2025-06-25 17:15

Updated : 2025-07-17 14:15

NVD link : CVE-2025-49152

Mitre link : CVE-2025-49152

CVE.ORG link : CVE-2025-49152

JSON object : View

Products Affected

No product.

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-49152", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-25T17:15:38.100", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system."}, {"lang": "es", "value": "MICROSENS NMP Web+ contiene JSON Web Tokens (JWT) que no caducan, lo que podr\u00eda permitir que un atacante obtenga acceso al sistema."}], "lastModified": "2025-07-17T14:15:31.493", "sourceIdentifier": "[email protected]"}

CVE-2025-49152

JSON object

Attach tags to CVE-2025-49152

Attach tags to `CVE-2025-49152`