Improper Permission Verification in Pig by Pig-Mesh
CVE-2025-63691
9.6CRITICAL
What is CVE-2025-63691?
In Pig version 3.8.2 and earlier, an improper permission verification issue within the Token Management function under the System Management module leads to significant security risks. The token query interface (/api/admin/sys-token/page) can be accessed by any logged-in user, exposing plaintext authentication tokens of all users currently authenticated in the system. This vulnerability enables standard users to retrieve the administrator's authentication token, facilitating unauthorized account access, granting management permissions, and enabling potential system takeovers.
