CVE-2025-6391: CWE-532: Insertion of Sensitive Information into Log File in Broadcom Brocade ASCG
Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.
AI Analysis
Technical Summary
CVE-2025-6391 is a high-severity vulnerability affecting Broadcom's Brocade ASCG product versions prior to 3.3.0. The core issue is improper handling of sensitive information: JSON Web Tokens (JWTs) are written in plaintext to system log files. JWTs are commonly used for authentication and session management and carry encoded claims that grant access to protected resources. Once these tokens are recorded unencrypted in logs, anyone with access to the log files, whether an attacker or an unauthorized user, can extract them and potentially use them to impersonate legitimate users, hijack sessions, or gain unauthorized access to sensitive systems. The weakness is classified as CWE-532 (insertion of sensitive information into log files), a well-known security anti-pattern that can lead to significant confidentiality breaches. The CVSS 4.0 score of 7.1 reflects high severity: the attack vector is local (AV:L), attack complexity is low (AC:L), high privileges are required (PR:H), and attack requirements are present (AT:P). No user interaction is required (UI:N), and the impact on confidentiality, integrity, and availability is rated high (VC:H, VI:H, VA:H). There are no known exploits in the wild as of the published date, and no official patches have been linked yet. The vulnerability is significant because logs are often readable by multiple system administrators, and potentially by attackers who have gained limited access, so token leakage is a real risk of session hijacking and unauthorized access.
Potential Impact
For European organizations using Brocade ASCG versions before 3.3.0, this vulnerability poses a significant risk to the confidentiality and integrity of authentication tokens. Unauthorized access to JWTs can lead to session hijacking, allowing attackers to impersonate users or administrators, potentially leading to data breaches, unauthorized configuration changes, or disruption of services. Given that Brocade ASCG is used in storage and network management contexts, exploitation could compromise critical infrastructure components, affecting data availability and integrity. The impact is heightened in regulated industries common in Europe, such as finance, healthcare, and critical infrastructure, where unauthorized access can lead to severe compliance violations under GDPR and other regulations. Additionally, the local attack vector implies that insider threats or attackers who have gained limited system access can escalate their privileges by leveraging exposed tokens. This vulnerability could also facilitate lateral movement within networks, increasing the scope of compromise.
Mitigation Recommendations
European organizations should immediately audit their Brocade ASCG deployments to identify versions prior to 3.3.0 and plan for an upgrade to the latest version where this logging behavior is corrected. Until patches are available, organizations should restrict access to log files strictly to trusted administrators and implement enhanced monitoring for unusual access patterns to logs. Employing log management solutions that encrypt or redact sensitive information, including JWTs, can mitigate exposure. Additionally, organizations should consider rotating JWT signing keys and invalidating existing tokens to limit the window of exploitation. Implementing strict access controls and multi-factor authentication for administrative access to Brocade ASCG systems will reduce the risk of unauthorized log access. Finally, reviewing and hardening local system permissions and auditing user activities can help detect and prevent exploitation attempts.
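As an added, defender-side illustration of the log redaction and exposure check recommended above (this is not code from the page or from Broadcom; the log lines and the token are constructed, and the marker format is an assumption), the following finds compact JWTs in log lines, confirms each regex hit by decoding its header, and replaces it with a marker that keeps only the algorithm name:

```python
import base64
import binascii
import json
import re

# Compact JWS: three dot-separated base64url segments. A JSON header starts with
# '{"', which base64url-encodes to "eyJ"; anchoring on that prefix limits false hits.
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def _b64url(segment: str) -> bytes:
    """Decode unpadded base64url, the encoding JWT segments use."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_alg(candidate: str):
    """Return the header 'alg' if candidate decodes as a JWT, else None."""
    try:  # decoding the header is the cheap confirmation step for a regex hit
        header = json.loads(_b64url(candidate.split(".")[0]))
    except (ValueError, binascii.Error):
        return None
    return str(header["alg"]) if isinstance(header, dict) and "alg" in header else None


def redact_jwts(line: str):
    """Replace each JWT in a log line with a marker; return (new_line, count).
    Only the algorithm name survives, so a responder can still tell what kind
    of token was logged without the log retaining the token itself."""
    count = 0

    def _sub(match):
        nonlocal count
        alg = jwt_alg(match.group(0))
        if alg is None:
            return match.group(0)  # regex hit that is not a real token
        count += 1
        return f"[REDACTED-JWT alg={alg}]"

    return JWT_RE.sub(_sub, line), count


def make_sample_jwt(alg: str = "HS256") -> str:
    """CONSTRUCTED demo token with a filler signature; not issued by any system."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc({'sub': 'admin'})}.ZmlsbGVy"


# Constructed log lines in the shape a gateway might emit (not real ASCG output).
SAMPLE_LOG = [
    "2025-07-17T22:01:11Z INFO  session: Authorization: Bearer " + make_sample_jwt(),
    "2025-07-17T22:01:12Z INFO  session: user=admin action=login result=ok",
    "2025-07-17T22:01:13Z DEBUG backup: wrote /var/tmp/eyJa.abc.def",  # not a JWT
]
```

Running `redact_jwts` over archived logs and counting non-zero results gives a quick measure of how many tokens a deployment has already exposed, which also informs whether key rotation and token invalidation are warranted.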
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: brocade
- Date Reserved: 2025-06-20T02:59:00.845Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 687972a7a83201eaacea64d9
Added to database: 7/17/2025, 10:01:11 PM
Last enriched: 7/25/2025, 1:01:47 AM
Last updated: 8/23/2025, 8:20:08 AM