Description
The affected products contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.
Scores
CVSS v4
8.7
EPSS
0.0032
EPSS Percentile
55.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-613
Status
published
Products (1)
Microsens/NMP Web+
< Version 3.2.5
Published
Jun 25, 2025
Tracked Since
Feb 18, 2026