CVE-2025-6391

High CVSS 7.1

Overview

Brocade ASCG before 3.3.0 logs JSON
Web Tokens (JWT) in log files. An attacker with access to the log files
can withdraw the unencrypted tokens with security implications, such as
unauthorized access, session hijacking, and information disclosure.

CWE: CWE-532 Published: 2025-07-17T22:15:26.263

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.1 (HIGH)
Detected tags: info_leak, jwt, unauth_access (tag impact: HIGH)

Recommended actions:

Reduce verbose errors, remove debug endpoints, minimize PII in logs.
Use strong algorithms (HS256/RS256), rotate secrets, short expiries.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags