Security Advisory

CVE-2025-35433

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-17 16:52:53

Last updated 2025-09-30 16:29:21

Assigner cisa-cg

State PUBLISHED

Description

CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1.

← Browse all CVEs View on cve.org ↗