CVE-2025-6391

CWE-532Log File Information Exposure3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 76.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade Active Support Connectivity GatewayBroadcom Brocade Ascg
Timeline
PublishedJul 17
Latest updateJul 18

Description

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5broadcom/brocade_ascgbefore 3.3.0

🔴Vulnerability Details

2
GHSA
GHSA-cqgv-gr59-9qf6: Brocade ASCG before 32025-07-18
CVEList
JSON Web Token (JWT) Exposure in Log Files2025-07-17
CVE-2025-6391 (HIGH CVSS 7.1) | Brocade ASCG before 3.3.0 logs JSON | cvebase.io