CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

June 1, 2025

CVE ID : CVE-2025-5409

Published : June 1, 2025, 10:15 p.m. | 5 hours, 5 minutes ago

Description : A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The identifier of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5410 – Mist Community Edition Cross-Site Request Forgery (CSRF)

Next Article CVE-2025-5408 – WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 HTTP POST Request Handler Buffer Overflow

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

I took a walk with Meta’s new Oakley smart glasses – they beat my Ray-Bans in every way

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Top 7 Computer Performance Test Tools Online (Free & Fast)

Top 7 Computer Performance Test Tools Online (Free & Fast)

10 Best Windows 11 Encryption Software

Google Chrome Is Testing Dynamic Country Detection for Region-Specific Features

CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

I finally found a pair of earbuds that drown out my noisy commute (and they’re $99)

How to watch Microsoft’s special 50th anniversary Copilot event

CVE-2025-48494 – Gokapi Stored Cross-Site Scripting Vulnerability

Optimizing Actions with Laravel’s Fluent Class

Microsoft’s patch for CVE-2025–21204 symlink vulnerability introduces another symlink vulnerability

CVE-2025-3278 – “UrbanGo Membership Plugin Privilege Escalation Vulnerability”

CVE-2025-1093 – WordPress AIHub Theme Remote Code Execution File Upload Vulnerability

CVE-2025-2812 – Mydata Informatics Ticket Sales Automation SQL Injection

CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

Related Posts