CNNVD-202509-1647 Information
CNNVD ID
CNNVD-202509-1647
Related CVE
- CNNVD Published: 2025-09-11
Description (Chinese)
Wind River Studio Developer是美国Wind River Studio Developer公司的一款具有构建、测试和调试嵌入式系统应用的工具。 Wind River Studio Developer存在安全漏洞,该漏洞源于在高系统负载下身份验证或令牌刷新操作期间可能发生随机竞争条件,可能导致用户被授予其他用户的令牌,造成会话结束前的身份冒充。
Description (English)
Wind River Studio Devloper is a tool of the United States company Wind River Studio Devloper that has built, tested and debugged embedded system applications. There is a security loophole in Wind River Studio Devloper, which stems from the possibility of random competitive conditions during a high-system load of identification or token refreshing operations, which may result in users being given tokens to other users, resulting in identity impersonation before the end of the session.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Wipotec
Published
2025-09-11
Last Modified
2026-02-24
References
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2025-26499 https://www.windriver.com/security/vulnerability-responses/CVE-2025-26499
Patch
https://www.windriver.com/security/vulnerability-responses/CVE-2025-26499
Share on: