CNNVD-202510-2369 Information

CNNVD ID

CNNVD-202510-2369

CVE-2025-3930

  • CNNVD Published: 2025-10-16

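Description (translated from Chinese)

Strapi is an open-source content management system (CMS) from the Strapi community in France. Versions of Strapi before 5.24.1 contain a code issue vulnerability. It stems from JWTs not being invalidated after logout or account deactivation, combined with the existence of the /admin/renew-token endpoint, which may allow tokens to be maliciously reused.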

Description (English)

Strapi is an open-source content management system (CMS) developed by the Strapi community in France. Strapi versions before 5.24.1 have a code issue vulnerability: JWTs are not invalidated after a user logs out or an account is deactivated, and the /admin/renew-token endpoint exists, so a token could be reused maliciously.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

strapi

Published

2025-10-16

Last Modified

2026-02-24

References

https://cert.pl/en/posts/2025/06/CVE-2025-3930
https://cert.pl/posts/2025/06/CVE-2025-3930
https://github.com/strapi/strapi
https://strapi.io/

Patch

https://github.com/strapi/strapi/releases
