CVE-2025-6391 HIGH

CVE-2025-6391: JSON Web Token (JWT) Exposure in Log Files

Vendor Broadcom
Product Brocade ASCG
Weakness CWE-532 · Sensitive info in logs
Published July 17, 2025
Last update July 18, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

Key dates

02Disclosure timeline

July 17, 2025 CVE published
July 18, 2025 Record updated