
CVE-2025-5409: Improper Access Controls in Mist Community Edition

Medium
Published: Sun Jun 01 2025 (06/01/2025, 22:00:16 UTC)
Source: CVE Database V5
Vendor/Project: Mist
Product: Community Edition

Description

A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API Token Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The identifier of the patch is db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

AI-Powered Analysis

Last updated: 07/09/2025, 13:09:48 UTC

Technical Analysis

CVE-2025-5409 is a vulnerability identified in Mist Community Edition versions up to 4.7.1, specifically affecting the API Token Handler component within the create_token function located in src/mist/api/auth/views.py. The vulnerability arises from improper access controls, allowing an attacker to remotely exploit the flaw without requiring any authentication or user interaction. The weakness enables unauthorized creation or manipulation of API tokens, potentially granting attackers elevated privileges or unauthorized access to protected resources. The vulnerability has been classified with a CVSS 4.0 base score of 6.9 (medium severity), reflecting its network attack vector, low attack complexity, and no required privileges or user interaction. The impact on confidentiality, integrity, and availability is considered low to medium, indicating some level of data exposure or modification risk but not full system compromise. The vendor has addressed this issue in version 4.7.2, with the patch identified by commit db10ecb62ac832c1ed4924556d167efb9bc07fad. No known exploits are currently reported in the wild, but public disclosure of the vulnerability increases the risk of exploitation. Organizations using affected versions should prioritize upgrading to the patched release to mitigate potential risks associated with unauthorized API token creation and access control bypass.
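The analysis above describes the vulnerability class, an API token handler that does not properly check who is asking for the token, without showing the code. The following is an added, illustrative Python example written for this page; it is not Mist's code, not the contents of src/mist/api/auth/views.py, and not a reproduction of the patched function. The in-memory USERS and TOKENS stores, the Request shape, the AccessDenied exception and the admin flag are all assumptions. It places a weak token-creation pattern (owner taken from the request body, caller never checked) next to a hardened one that requires an authenticated caller and only lets administrators mint tokens for other principals, and it stores token hashes rather than plaintext.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical in-memory stand-ins for the application's user and token stores.
USERS = {
    "alice": {"is_admin": False},
    "bob": {"is_admin": False},
    "root": {"is_admin": True},
}
TOKENS = {}  # token_id -> {"owner": <user>, "hash": <sha256 of the plaintext token>}


class AccessDenied(Exception):
    """Raised when the caller is not allowed to perform the requested action."""


@dataclass
class Request:
    """Minimal stand-in for a web request: the authenticated principal (None when the
    request carries no valid session or credential) plus the parsed JSON body."""
    auth_user: Optional[str]
    body: dict = field(default_factory=dict)


def create_token_unchecked(req: Request):
    """Illustrative weak pattern (assumed, not Mist's code): the owner of the new token
    is read from the request body and the caller's own identity is never consulted,
    so anyone who can reach the endpoint can mint a token for any user."""
    owner = req.body["user"]
    return _mint(owner)


def create_token(req: Request):
    """Hardened pattern: refuse unauthenticated callers, refuse unknown subjects, and
    only let a caller mint a token for another principal when the caller is an admin."""
    if req.auth_user is None or req.auth_user not in USERS:
        raise AccessDenied("authentication required")
    owner = req.body.get("user", req.auth_user)  # default: a token for yourself
    if owner not in USERS:
        raise AccessDenied("unknown user")
    if owner != req.auth_user and not USERS[req.auth_user]["is_admin"]:
        raise AccessDenied("cannot create tokens for another user")
    return _mint(owner)


def _mint(owner: str):
    """Generate a random token, persist only its hash, and return the plaintext once."""
    token = secrets.token_urlsafe(32)
    token_id = secrets.token_hex(8)
    TOKENS[token_id] = {
        "owner": owner,
        "hash": hashlib.sha256(token.encode()).hexdigest(),
    }
    return token_id, token


def verify_token(token_id: str, token: str) -> Optional[str]:
    """Return the owning user for a valid (token_id, token) pair, else None.
    The hash comparison is constant-time to avoid leaking how many bytes matched."""
    rec = TOKENS.get(token_id)
    if rec is None:
        return None
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not secrets.compare_digest(rec["hash"], presented):
        return None
    return rec["owner"]


if __name__ == "__main__":
    tid, tok = create_token(Request("alice"))
    print("alice token verifies as:", verify_token(tid, tok))
    try:
        create_token(Request(None, {"user": "root"}))
    except AccessDenied as e:
        print("unauthenticated request refused:", e)
```

The point of the hardened version is that the decision "who may a token be issued for" is made from the authenticated principal, not from attacker-controlled request data; the unchecked variant is kept only to make the missing checks visible side by side.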

Potential Impact

For European organizations utilizing Mist Community Edition, this vulnerability poses a risk of unauthorized access to network management or monitoring functions controlled via the API tokens. Exploitation could lead to unauthorized data access, manipulation of network configurations, or disruption of services managed through the affected software. While the severity is medium, the lack of required authentication and ease of remote exploitation increase the threat level, especially for organizations with internet-facing deployments or insufficient network segmentation. Confidentiality could be compromised if sensitive network data is accessed, and integrity could be affected if unauthorized changes are made to configurations. Availability impact is likely limited but cannot be ruled out if attackers disrupt critical network operations. Given the critical role of network management tools in enterprise environments, exploitation could facilitate lateral movement or further attacks within the network. European organizations in sectors such as telecommunications, finance, and critical infrastructure that rely on Mist Community Edition for network management should consider this vulnerability a significant risk.

Mitigation Recommendations

1. Immediate upgrade to Mist Community Edition version 4.7.2 or later to apply the official patch addressing the improper access control in the create_token function.
2. Implement strict network segmentation and firewall rules to restrict access to the Mist API endpoints, limiting exposure to trusted internal networks only.
3. Monitor API token creation and usage logs for unusual or unauthorized activity, enabling early detection of exploitation attempts.
4. Employ multi-factor authentication (MFA) and strong access controls around administrative interfaces to reduce the risk of unauthorized access, even if API tokens are compromised.
5. Conduct regular vulnerability assessments and penetration testing focused on API security to identify and remediate similar access control weaknesses.
6. Maintain an up-to-date inventory of deployed Mist Community Edition instances and ensure timely patch management processes are in place.
7. Consider deploying Web Application Firewalls (WAF) with custom rules to detect and block suspicious API token creation requests.
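Recommendation 3 asks for monitoring of token-creation logs. The Python below is an added example of what that monitoring can look like; it is not part of the advisory and does not know Mist's real audit log format. The JSON-lines events, the field names (event, actor, subject, src_ip, ts), the ADMINS set and the burst thresholds are all constructed assumptions. It flags three patterns that match the risk described on this page: token creations with no authenticated actor, creations where a non-admin actor obtains a token for a different subject, and bursts of creations from one source address.

```python
import json
from collections import defaultdict

# Constructed sample audit events, one JSON object per line. The schema is an
# assumption made for this example, not Mist's actual log format.
SAMPLE_LOG = """\
{"ts": 1000, "event": "token.create", "actor": "alice", "subject": "alice", "src_ip": "10.0.0.5"}
{"ts": 1010, "event": "token.create", "actor": null, "subject": "root", "src_ip": "203.0.113.9"}
{"ts": 1020, "event": "token.create", "actor": "bob", "subject": "alice", "src_ip": "10.0.0.7"}
{"ts": 1030, "event": "token.create", "actor": "root", "subject": "bob", "src_ip": "10.0.0.2"}
{"ts": 1040, "event": "token.create", "actor": "carol", "subject": "carol", "src_ip": "198.51.100.4"}
{"ts": 1041, "event": "token.create", "actor": "carol", "subject": "carol", "src_ip": "198.51.100.4"}
{"ts": 1042, "event": "token.create", "actor": "carol", "subject": "carol", "src_ip": "198.51.100.4"}
{"ts": 1043, "event": "token.create", "actor": "carol", "subject": "carol", "src_ip": "198.51.100.4"}
{"ts": 1100, "event": "login", "actor": "alice", "src_ip": "10.0.0.5"}
"""

ADMINS = {"root"}     # assumed set of principals allowed to issue tokens for others
BURST_LIMIT = 3       # more than this many creations from one IP ...
BURST_WINDOW = 60     # ... within this many seconds is flagged


def parse_events(text):
    """Parse JSON-lines audit output; malformed or empty lines are skipped rather
    than allowed to crash the detector."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def find_suspicious_token_creations(events):
    """Return (rule, timestamp, src_ip) tuples for token creations worth a look."""
    findings = []
    by_ip = defaultdict(list)
    for ev in events:
        if ev.get("event") != "token.create":
            continue
        actor, subject = ev.get("actor"), ev.get("subject")
        ip, ts = ev.get("src_ip"), ev.get("ts")
        if actor is None:
            # A token was issued without any authenticated caller.
            findings.append(("unauthenticated_creation", ts, ip))
        elif subject != actor and actor not in ADMINS:
            # A non-admin obtained a token for someone else.
            findings.append(("cross_user_creation", ts, ip))
        by_ip[ip].append(ts)
    # Sliding-window burst check per source address.
    for ip, stamps in by_ip.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            in_window = [t for t in stamps[i:] if t - start <= BURST_WINDOW]
            if len(in_window) > BURST_LIMIT:
                findings.append(("creation_burst", start, ip))
                break
    return findings


if __name__ == "__main__":
    for rule, ts, ip in find_suspicious_token_creations(parse_events(SAMPLE_LOG)):
        print(f"{rule:25s} ts={ts} src_ip={ip}")
```

Against the constructed sample this reports one unauthenticated creation, one cross-user creation and one burst; the normal self-service creation by alice and the admin-issued token from root are not flagged. Thresholds and the admin set would be tuned to the deployment's own baseline before the rules are used for alerting.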


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-05-31T16:51:07.351Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 683cd084182aa0cae226c66a

Added to database: 6/1/2025, 10:13:24 PM

Last enriched: 7/9/2025, 1:09:48 PM

Last updated: 8/18/2025, 6:15:23 PM
