Vulnerability Details CVE-2025-6391
Brocade ASCG before 3.3.0 logs JSON
Web Tokens (JWT) in log files. An attacker with access to the log files
can withdraw the unencrypted tokens with security implications, such as
unauthorized access, session hijacking, and information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.3%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2025-6391
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:1.0.0
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:1.1.0
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:1.2.0
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:1.3.0
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:1.3.0a
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:2.0.0
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:2.1.0a
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:2.1.1_01
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:3.0.0
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:3.0.0a
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:3.1.0
-
cpe:2.3:a:broadcom:brocade_active_support_connectivity_gateway:3.2.0