PT-2025-29976 · Brocade · Brocade Ascg
Published
2025-07-17
·
Updated
2026-02-02
·
CVE-2025-6391
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Brocade ASCG versions prior to 3.3.0
Description
Brocade ASCG versions prior to 3.3.0 log JSON Web Tokens (JWT) in log files. An attacker with access to these log files can extract the unencrypted tokens, potentially leading to unauthorized access, session hijacking, and information disclosure. A JWT is a compact, URL-safe means of representing claims to be transferred between two parties.
Recommendations
Update Brocade ASCG to version 3.3.0 or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Brocade Ascg