CVE-2025-6391
JSON Web Token (JWT) Exposure in Log Files
Brocade ASCG before 3.3.0 logs JSON
Web Tokens (JWT) in log files. An attacker with access to the log files
can withdraw the unencrypted tokens with security implications, such as
unauthorized access, session hijacking, and information disclosure.
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Broadcom · Brocade ASCGWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →