CVE-2025-5409
Mist Community Edition up to 4.7.1 improper access controls vulnerability
Overview
A vulnerability rated High (CVSS base score 7.3) has been disclosed in Mist Community Edition, affecting releases up to and including 4.7.1. It lies in the 'create_token' function and results in improper access controls. The vulnerability can be exploited remotely, and an exploit has been disclosed publicly.
Technical Details
The vulnerability affects the function 'create_token' in the file 'src/mist/api/auth/views.py', part of the API Token Handler component. Manipulation of this handler leads to improper access controls. The issue is reachable over the network and requires neither privileges nor user interaction (see the CVSS metrics below). The advisory does not describe the missing check itself; the fix commit referenced under Recommendations is the authoritative source for the exact change.
CVSS Metrics
- Base Score: 7.3 (HIGH)
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: LOW
- Vector (derived from the metrics above): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L. Scope is not listed, but Unchanged is the only value that yields 7.3 with these metrics; a Changed scope would give 8.3.
Impact
The access-control weakness in API token creation lets a remote, unauthenticated caller gain unauthorized access. Confidentiality, integrity and availability are each rated LOW impact in the CVSS metrics, so the scored effect is limited unauthorized access rather than full compromise of the host.
Recommendations
Upgrade to version 4.7.2 or later. The fix is commit db10ecb62ac832c1ed4924556d167efb9bc07fad; deployments that cannot upgrade immediately should backport that commit.
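The affected range "up to 4.7.1" is inclusive, and 4.7.2 is the first fixed release. A small check that turns that range into a yes/no answer for an installed version string, written as an added example for this page (not code from the advisory or from Mist), is below. It pads short versions ("4.7" is read as 4.7.0) and, conservatively, treats a pre-release of the fix version such as "4.7.2-rc1" as still affected, since the advisory only vouches for the released 4.7.2.

```python
"""Affected-version check for the range stated in this advisory (added example; not from the advisory or Mist)."""
import re

# From the advisory: releases up to and including 4.7.1 are affected; 4.7.2 carries the fix.
FIRST_FIXED = (4, 7, 2)

# Optional leading 'v', up to three numeric components, then any pre-release/build suffix.
VERSION_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")


def parse_version(text):
    """Return ((major, minor, patch), has_suffix) for a version string.

    Missing components are treated as 0 so '4.7' compares as 4.7.0. Anything left after
    the numeric part (e.g. '-rc1', 'b2') is reported as a suffix rather than discarded.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    nums = tuple(int(g) if g is not None else 0 for g in m.group(1, 2, 3))
    return nums, m.group(4) != ""


def is_affected(version):
    """True when the version falls inside the advisory's affected range.

    Anything older than FIRST_FIXED is affected. A pre-release of FIRST_FIXED itself is also
    reported as affected, because only the released 4.7.2 is known to contain the fix.
    """
    nums, has_suffix = parse_version(version)
    if nums < FIRST_FIXED:
        return True
    if nums == FIRST_FIXED and has_suffix:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs, not observed installations.
    for v in ("4.7.1", "4.7.2", "4.7.10", "v4.6.9", "4.7", "4.7.2-rc1"):
        print("%-10s affected=%s" % (v, is_affected(v)))
```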
Threat Metrics
- cvss_score: 7.3
- severity: HIGH (7.3 falls in the CVSS v3.x High band, 7.0 to 8.9)
- attack_vector: NETWORK
- attack_complexity: LOW