CNNVD-202509-2700 Information
CNNVD ID
CNNVD-202509-2700
Related CVE
- CNNVD Published: 2025-09-17
Description
CISA Thorium is a highly scalable, distributed malware analysis and data generation framework from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Versions of CISA Thorium before 1.1.1 contain a vulnerability caused by a failure to properly invalidate previously used tokens, which could allow an attacker to still log in after a password reset.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Cisofy
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c#diff-57a8b13962b268bcc3690df0f6c0d6ddeca7cbc7b05c3c20903cb07e659330eaR844-R849
https://github.com/cisagov/thorium/releases/tag/1.1.1
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json
https://www.cve.org/CVERecord?id=CVE-2025-35433
Patch
https://github.com/cisagov/thorium/releases