CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

June 1, 2025

CVE ID : CVE-2025-5409

Published : June 1, 2025, 10:15 p.m. | 5 hours, 5 minutes ago

Description : A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The identifier of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5410 – Mist Community Edition Cross-Site Request Forgery (CSRF)

Next Article CVE-2025-5408 – WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 HTTP POST Request Handler Buffer Overflow

Highlights

CVE-2025-6843 – “Code-projects Simple Photo Gallery Unrestricted File Upload Vulnerability”

June 29, 2025

CVE ID : CVE-2025-6843

Published : June 29, 2025, 4:15 a.m. | 3 hours, 6 minutes ago

Description : A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

PowerToys 0.92 is here with better performance and smarter controls

Stimulator keeps your computer awake

Inside the Frontier of AI, WebXR & Real-Time 3D: Crafting KODE Immersive

CVE-2025-7408 – SourceCodester Zoo Management System Cross-Site Scripting Vulnerability

CVE-2025-6843 – “Code-projects Simple Photo Gallery Unrestricted File Upload Vulnerability”

EasyDict-GTK is a simple translator

Chrome 140 Plans to Play Nicer with Wayland on Linux

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

Related Posts