CVE-2025-26499 (CNNVD-202509-1647)
中文标题:
Wind River Studio Developer 安全漏洞
英文标题:
Under heavy system utilization a random race condition can occur during authentication or token refr...
漏洞描述
中文描述:
Wind River Studio Developer是美国Wind River Studio Developer公司的一款具有构建、测试和调试嵌入式系统应用的工具。 Wind River Studio Developer存在安全漏洞,该漏洞源于在高系统负载下身份验证或令牌刷新操作期间可能发生随机竞争条件,可能导致用户被授予其他用户的令牌,造成会话结束前的身份冒充。
英文描述:
Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user’s system rights and data access.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Wind River Studio Developer | Wind River Studio Developer | - | < 24.11>= | - |
cpe:2.3:a:wind_river_studio_developer:wind_river_studio_developer:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-26499 |
2025-11-11 15:23:11 | 2025-11-11 07:40:17 |
| NVD | nvd_CVE-2025-26499 |
2025-11-11 15:01:02 | 2025-11-11 07:48:07 |
| CNNVD | cnnvd_CNNVD-202509-1647 |
2025-11-11 15:12:56 | 2025-11-11 08:00:10 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202509-1647
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']