Security Advisory

CVE-2025-63666

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-12 00:00:00
Last updated 2025-11-18 14:33:15
Assigner mitre
State PUBLISHED

Description

Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.