PT-2025-23436 · Unknown · Mist Community Edition
Alex Perrakis +3 · Published 2025-06-01 · Updated 2025-11-25
CVE-2025-5409
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Mist Community Edition versions up to 4.7.1
Description
A critical issue has been found, affecting the create token function of the API Token Handler component. This leads to improper access controls, allowing remote attacks. The issue has been publicly disclosed and may be exploited.
Recommendations
For Mist Community Edition versions up to 4.7.1, upgrade to version 4.7.2 to address this issue. As a temporary workaround, consider restricting access to the create token function of the API Token Handler component until the upgrade is applied.
Exploit
Fix
Improper Access Control
Incorrect Privilege Assignment
Affected Products
Mist Community Edition