2 matches found
CVE-2025-35433
CVE-2025-35433 affects the CISA Thorium framework, where previously issued tokens may remain valid after a password reset, allowing an attacker to log in if they possess an old token. The vulnerability is documented with a high-severity CVSS v3.1 impact (Confidentiality, Integrity, Availability a...
CVE-2025-35433 CISA Thorium does not properly invalidate previously used tokens
CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1...