CVE-2025-6391
HIGHCVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2Description
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.
Analysis
JSON Web Token exposure in Brocade Active Support Connectivity Gateway (ASCG) prior to version 3.3.0 enables high-privileged local attackers to extract unencrypted authentication tokens from log files, leading to unauthorized access and session hijacking. This CWE-532 (insertion of sensitive information into log file) vulnerability requires local access with high privileges but presents low attack complexity. EPSS data not provided; no confirmed active exploitation (not present in CISA KEV); no public exploit code identified at time of analysis. The CVSS 4.0 score of 7.1 reflects significant confidentiality and integrity impact within the vulnerable component scope.
Technical Context
Brocade Active Support Connectivity Gateway is Broadcom's remote support infrastructure component used for secure connectivity between customer environments and Brocade support systems. The vulnerability stems from CWE-532 (Insertion of Sensitive Information Into Log File), where the application writes JSON Web Tokens directly to log files in cleartext. JWTs are bearer tokens commonly used for authentication and session management in modern web applications and APIs. When logged unencrypted, these tokens become accessible to any user with sufficient privileges to read system logs. The affected product is identified by CPE cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:*:*:*:*:*:*:*:* for all versions prior to 3.3.0. This represents a design flaw in logging practices where sensitive authentication material is treated as standard diagnostic data rather than protected credential information requiring secure handling and storage.
Affected Products
Broadcom Brocade Active Support Connectivity Gateway (ASCG) versions prior to 3.3.0 are affected by this vulnerability, identified by CPE cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:*:*:*:*:*:*:*:*. The vulnerability impacts all deployment configurations of ASCG where log files are accessible to high-privileged local users. Broadcom has published security advisory details at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951 which should be consulted for complete product version information and deployment-specific guidance.
Remediation
Upgrade Brocade Active Support Connectivity Gateway to version 3.3.0 or later, which resolves the JWT logging issue. Organizations should obtain the patched version through Broadcom's official support channels and follow vendor-provided upgrade procedures documented in the security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35951. As an interim risk mitigation measure until patching is complete, organizations should implement strict access controls on ASCG log file directories, limiting read access to only essential administrative accounts, and consider implementing log file encryption at rest if supported by the underlying operating system. Review existing log files for exposed JWT tokens and rotate any potentially compromised credentials or sessions. Implement monitoring for unauthorized access to log directories and establish audit trails for log file access by privileged users.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today