CVE-2025-66432

MEDIUM
Published Nov 30, 2025 Modified Apr 15, 2026 CWE-420

Description

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.

CVSS v3.1 Score

5.0
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Weakness Type (CWE)

CWE-420 CWE-420

References

Frequently Asked Questions

What is CVE-2025-66432? +
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date. It has a CVSS v3.1 base score of 5.0 (MEDIUM).
How severe is CVE-2025-66432? +
CVE-2025-66432 has a CVSS v3.1 score of 5.0 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
How do I check if I'm vulnerable to CVE-2025-66432? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-6242

A vulnerability exists in Rockwell Automation affected products that allows a threat actor to bypass the Trusted® Slot feature in …
CVE-2024-10081 10.0

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass …
CVE-2025-52921 9.9

In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code …
CVE-2025-13315 9.8

Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web …
CVE-2025-54309 9.0

CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and …
CVE-2025-54351 8.9

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-66432 — free, no signup required.

Start Free Scan