
CVE-2025-6391: CWE-532: Insertion of Sensitive Information into Log File in Broadcom Brocade ASCG

High
Tags: Vulnerability, CVE-2025-6391, CWE-532
Published: Thu Jul 17 2025 (07/17/2025, 21:45:27 UTC)
Source: CVE Database V5
Vendor/Project: Broadcom
Product: Brocade ASCG

Description

Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

AI-Powered Analysis

AI analysis last updated: 07/17/2025, 22:16:26 UTC

Technical Analysis

CVE-2025-6391 is a high-severity vulnerability affecting Broadcom's Brocade ASCG product in versions prior to 3.3.0. The flaw is improper handling of sensitive information: JSON Web Tokens (JWTs) are written in plaintext to system log files. JWTs are commonly used for authentication and session management and carry encoded claims that grant access to protected resources, so anyone who can read the logs can extract the tokens and replay them for unauthorized access, session hijacking, and information disclosure.

The vulnerability is classified under CWE-532 (insertion of sensitive information into log files), a common security misconfiguration that can lead to significant confidentiality breaches. The CVSS 4.0 score of 7.1 reflects a high severity; the vector indicates that the attack requires local access (AV:L) and high privileges (PR:H) but no user interaction (UI:N). Confidentiality, integrity, and availability are all rated as high impact, since an attacker holding a stolen token can impersonate legitimate users or administrators.

No exploitation in the wild has been reported yet, but sensitive tokens sitting in logs are a critical risk that should be addressed promptly. No patch link is provided; remediation presumably requires upgrading to version 3.3.0 or later, where this logging behavior is corrected.

Potential Impact

For European organizations using Brocade ASCG, this vulnerability poses a significant risk to the confidentiality and integrity of their authentication mechanisms. Unauthorized access via stolen JWTs could lead to data breaches, unauthorized configuration changes, and potential disruption of network services managed by Brocade ASCG. Given that Brocade ASCG is typically used in storage and network infrastructure environments, exploitation could compromise critical infrastructure components, impacting business continuity and regulatory compliance, especially under GDPR where unauthorized data access can lead to heavy fines. The local access requirement means that attackers would need some level of access to the system or network segment where logs are stored, which could be achieved through insider threats or lateral movement after initial compromise. The high privileges required further limit the attack surface but do not eliminate the risk, especially in complex enterprise environments where privilege escalation is possible. The exposure of JWTs in logs could also facilitate further attacks against other integrated systems relying on these tokens for authentication, amplifying the impact.

Mitigation Recommendations

European organizations should immediately audit their Brocade ASCG deployments to identify versions prior to 3.3.0 and plan an upgrade to version 3.3.0 or later, where the vulnerability is resolved. Until the upgrade can be applied, access to log files should be tightly restricted through strict file permissions, and access to those files should be monitored for suspicious activity. Log management solutions that encrypt logs at rest and in transit reduce the risk of token leakage. Organizations should also consider short-lived JWTs and token revocation mechanisms to limit the window in which a leaked token remains usable. Network segmentation and the principle of least privilege should be enforced to minimize the chance of an attacker obtaining local access with elevated privileges. Regular security audits and monitoring for anomalous authentication patterns can help detect exploitation attempts. Finally, incident response plans should be reviewed to cover token theft and session hijacking scenarios.
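The CWE-532 pattern described above can be addressed at the logging layer. The following is an added example, not Brocade or Broadcom code: a Python `logging` filter that redacts anything shaped like a JWT before a handler writes it, plus a small scanner for finding tokens already present in existing log files. The token and log lines are constructed for the example; the `eyJ` prefix heuristic relies on the fact that base64url of `{"` is `eyJ`.

```python
import io
import logging
import re

# A JWT is three base64url segments joined by dots; the header segment of a JSON
# header always starts with "eyJ". This is a heuristic match, not a full parser.
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def redact_jwts(text: str) -> str:
    """Replace each JWT in text with a short prefix plus a redaction marker."""
    return JWT_RE.sub(lambda m: m.group(0)[:8] + "...[JWT REDACTED]", text)

class JwtRedactingFilter(logging.Filter):
    """Scrub JWTs from the message template and string args before any handler runs."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_jwts(str(record.msg))
        if isinstance(record.args, dict):
            record.args = {k: redact_jwts(v) if isinstance(v, str) else v
                           for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(redact_jwts(a) if isinstance(a, str) else a
                                for a in record.args)
        return True

def demo_logger_output(msg: str, *args) -> str:
    """Log one message through a logger with the filter installed; return what was written."""
    buf = io.StringIO()
    logger = logging.getLogger("ascg-redaction-demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addFilter(JwtRedactingFilter())
    logger.addHandler(handler)
    logger.info(msg, *args)
    return buf.getvalue().rstrip("\n")

def find_jwts(lines):
    """Detection side: (line number, token prefix) for every JWT found in existing log text."""
    return [(n, m.group(0)[:8])
            for n, line in enumerate(lines, 1)
            for m in JWT_RE.finditer(line)]

# Constructed sample token (standard HS256 header, {"sub":"1234567890"}, dummy signature).
SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.c2lnbmF0dXJl"
# Constructed log lines standing in for an appliance log that leaks a bearer token.
SAMPLE_LOG = [
    "2025-07-17T21:45:27Z INFO auth: login ok user=admin",
    "2025-07-17T21:45:28Z DEBUG http: Authorization: Bearer " + SAMPLE_TOKEN,
    "2025-07-17T21:45:29Z INFO auth: logout user=admin",
]
```

Running `find_jwts` over collected logs gives a quick way to confirm whether an affected deployment has already written tokens to disk, which also tells you which tokens should be revoked.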


Technical Details

Data Version
5.1
Assigner Short Name
brocade
Date Reserved
2025-06-20T02:59:00.845Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 687972a7a83201eaacea64d9

Added to database: 7/17/2025, 10:01:11 PM

Last enriched: 7/17/2025, 10:16:26 PM

Last updated: 7/18/2025, 6:00:41 AM

