CVE-2025-6391CRITICAL 9.1EPSS p14.4%

CVE-2025-6391CVE-2025-6391

Description

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS0.24% probability of exploitation · percentile 14.4% · 2026-06-18T12:00:27Z
Published2025-07-17
Last modified2026-04-06

Underlying weaknesses· 1

CWE-532

References

  1. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951

1

TypeTargetConfidenceTier
WeaknessInsertion of Sensitive Information into Log Filecwe-5320%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-7398
CVE
CVE-2026-0869
CVE
CVE-2025-20188
CVE
CVE-2025-20263
CVE
CVE-2025-20363
CVE
CVE-2025-41672
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.