PT-2025-45451 · Pig · Pig

Published: 2025-11-07 · Updated: 2025-11-12 · CVE-2025-63691

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Pig-mesh Pig versions 3.8.2 and below

Description: The token query interface ('/api/admin/sys-token/page') within the Token Management function of the System Management module suffers from insufficient permission verification. Any authenticated user can access this interface and retrieve plaintext authentication Tokens for all currently logged-in users, including administrators. This allows unauthorized users to obtain administrator Tokens, forge an administrator account, and gain full system management privileges, leading to system takeover.

Recommendations: Versions prior to 3.8.2 should be updated.

Exploit

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-63691

Affected Products

Pig