QwikSec

Security Database

CVE

CWE

Training

CVE-2025-64386

Published: Oct 31, 2025

Modified: Nov 3, 2025

PUBLISHED

Description

The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.

Vendor	Product	Versions
Circutor	TCPRS1plus	affected `1.0.14`

Weaknesses (CWE)

References

https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./

product

https://www.hackrtu.com/blog/cg-0day-en-003/

technical-description

https://cds.thalesgroup.com/es/s21sec-about

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.