CVE-2025-66432

Summary

In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.

Affected Software

VendorProductVersion RangeStatus
OxideOmicron15 < 17.1affected

Weaknesses

  • CWE-420: CWE-420 Unprotected Alternate Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References