CVE-2026-25720: CWE-613 Insufficient session expiration in SenseLive X3050
CVE-2026-25720 is a medium severity vulnerability affecting SenseLive X3050 version V1. 523. It involves insufficient session expiration in the device's web management interface, allowing authenticated sessions to remain active for extended periods without re-authentication. This could enable an attacker with access to a previously authenticated session to continue administrative interactions after legitimate user activity has ended. There is no official patch or remediation level provided by the vendor as of the published date. No known exploits are reported in the wild.
AI Analysis
Technical Summary
SenseLive X3050 version V1.523 contains a session management vulnerability (CWE-613) where the web management interface does not properly enforce session lifetime expiration. Authenticated sessions can persist longer than intended, potentially allowing unauthorized continued access if an attacker gains control of a valid session token. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector, low complexity, no privileges or user interaction required, and limited confidentiality and integrity impact.
Potential Impact
An attacker who obtains a previously authenticated session could maintain access to administrative functions on the SenseLive X3050 device beyond the normal session expiration period. This could lead to unauthorized administrative actions if session tokens are compromised or left active. However, the vulnerability does not require privileges or user interaction to exploit and has limited impact on confidentiality and integrity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider manual session management controls such as enforcing shorter session timeouts via configuration if possible, and ensuring session tokens are protected from unauthorized access. Monitor for vendor updates regarding patches or official mitigations.
CVE-2026-25720: CWE-613 Insufficient session expiration in SenseLive X3050
Description
CVE-2026-25720 is a medium severity vulnerability affecting SenseLive X3050 version V1. 523. It involves insufficient session expiration in the device's web management interface, allowing authenticated sessions to remain active for extended periods without re-authentication. This could enable an attacker with access to a previously authenticated session to continue administrative interactions after legitimate user activity has ended. There is no official patch or remediation level provided by the vendor as of the published date. No known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
SenseLive X3050 version V1.523 contains a session management vulnerability (CWE-613) where the web management interface does not properly enforce session lifetime expiration. Authenticated sessions can persist longer than intended, potentially allowing unauthorized continued access if an attacker gains control of a valid session token. The CVSS 4.0 base score is 6.9 (medium severity), reflecting network attack vector, low complexity, no privileges or user interaction required, and limited confidentiality and integrity impact.
Potential Impact
An attacker who obtains a previously authenticated session could maintain access to administrative functions on the SenseLive X3050 device beyond the normal session expiration period. This could lead to unauthorized administrative actions if session tokens are compromised or left active. However, the vulnerability does not require privileges or user interaction to exploit and has limited impact on confidentiality and integrity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, organizations should consider manual session management controls such as enforcing shorter session timeouts via configuration if possible, and ensuring session tokens are protected from unauthorized access. Monitor for vendor updates regarding patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- icscert
- Date Reserved
- 2026-04-14T16:05:54.140Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69eab07687115cfb687ad29d
Added to database: 4/23/2026, 11:51:18 PM
Last enriched: 4/24/2026, 12:06:11 AM
Last updated: 4/24/2026, 1:11:56 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.