Improper Permission Verification in Pig by Pig-Mesh
CVE-2025-63691

9.6CRITICAL

Key Information:

Vendor

Pig-Mesh

Status
Vendor
CVE Published:
7 November 2025

What is CVE-2025-63691?

In Pig version 3.8.2 and earlier, an improper permission verification issue within the Token Management function under the System Management module leads to significant security risks. The token query interface (/api/admin/sys-token/page) can be accessed by any logged-in user, exposing plaintext authentication tokens of all users currently authenticated in the system. This vulnerability enables standard users to retrieve the administrator's authentication token, facilitating unauthorized account access, granting management permissions, and enabling potential system takeovers.

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.