CNNVD-202510-3454 Information

CNNVD ID

CNNVD-202510-3454

CVE-2025-62781

  • CNNVD Published: 2025-10-27

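Description (translated from Chinese)

PILOS is an open-source front-end software from THM. Versions of PILOS before 4.8.0 contain a code issue vulnerability. It stems from the current session token not being invalidated after a password change, which may allow an attacker to keep using an already obtained session token to maintain access.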

Description (English)

PILOS is an open-source front-end software from THM. Versions of PILOS before 4.8.0 contain a code issue vulnerability: the current session token is not invalidated after a password change, so an attacker who has already obtained a session token can continue to use it to maintain access.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

THM

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/THM-Health/PILOS/security/advisories/GHSA-m8w5-8w3h-72wm

https://access.redhat.com/security/cve/cve-2025-62781

Patch

https://github.com/THM-Health/PILOS/releases
