CVE-2025-49152

The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07

Configurations

No configuration.

History

17 Jul 2025, 14:15

Type	Values Removed	Values Added
References	~~{'url': 'https://www.microsens.com/support/downloads/nmp/', 'source': 'ics-cert@hq.dhs.gov'}~~
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : unknown
Summary	~~(en) MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.~~	(en) The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.

26 Jun 2025, 18:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-25 17:15

Updated : 2025-07-17 14:15

NVD link : CVE-2025-49152

Mitre link : CVE-2025-49152

CVE.ORG link : CVE-2025-49152

JSON object : View

Products Affected

No product.

CWE

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-49152", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-25T17:15:38.100", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-07", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system."}, {"lang": "es", "value": "MICROSENS NMP Web+ contiene JSON Web Tokens (JWT) que no caducan, lo que podr\u00eda permitir que un atacante obtenga acceso al sistema."}], "lastModified": "2025-07-17T14:15:31.493", "sourceIdentifier": "ics-cert@hq.dhs.gov"}