CVE-2025-35433 is a vulnerability identified in CISA Thorium version 1.0.0, categorized under CWE-613 (Insufficient Session Expiration). The issue arises because the application does not properly invalidate previously used authentication tokens when a user resets their password. This flaw allows an attacker who has obtained a previously valid token to continue accessing the account even after the legitimate user has changed their password. The vulnerability affects the session management mechanism, specifically the token invalidation process, which is critical for ensuring that old credentials cannot be reused once a password reset occurs. The CVSS 3.1 base score is 5.0 (medium severity), with the vector indicating network attack vector (AV:N), high attack complexity (AC:H), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and low impact on confidentiality, integrity, and availability (C:L/I:L/A:L). This means exploitation requires some effort and limited privileges but can be performed remotely without user interaction. The vulnerability was fixed in version 1.1.1 of CISA Thorium. No known exploits are currently reported in the wild. The core risk is that attackers with access to old tokens can bypass password reset protections, potentially maintaining unauthorized access to sensitive systems or data.

For European organizations using CISA Thorium 1.0.0, this vulnerability poses a moderate risk. The ability for an attacker to reuse old tokens after a password reset undermines the fundamental security assumption that password resets revoke prior access. This can lead to prolonged unauthorized access, data exposure, and potential manipulation of sensitive information. Given that CISA Thorium is a product associated with cybersecurity infrastructure, compromised accounts could lead to broader security breaches or disruption of security monitoring capabilities. The impact on confidentiality, integrity, and availability is low to moderate but could escalate if attackers leverage this access to pivot to other systems. European organizations with strict data protection regulations like GDPR must consider the compliance implications of unauthorized access. The medium CVSS score reflects the balance between the difficulty of exploitation and the potential for persistent unauthorized access.

Organizations should immediately upgrade CISA Thorium to version 1.1.1 or later, where the token invalidation issue is resolved. Until the patch is applied, administrators should enforce additional compensating controls such as: 1) Manually invalidating all active sessions and tokens for users who perform password resets; 2) Implementing multi-factor authentication (MFA) to reduce the risk of token misuse; 3) Monitoring logs for unusual login patterns, especially post-password reset; 4) Restricting token lifetime and enforcing short session expiration times; 5) Educating users and administrators about the risk of token reuse and encouraging prompt reporting of suspicious activity. Network segmentation and limiting access to the Thorium management interfaces can also reduce exposure. Regular security audits and penetration testing focused on session management can help detect similar issues proactively.