CVE-2025-66432
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.
AnalysisAI
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-420. In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date. Version information: through 17.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-420 – Unprotected Alternate Channel
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today