VYPR
Medium severity5.0NVD Advisory· Published Sep 17, 2025· Updated Jun 17, 2026

CVE-2025-35433

CVE-2025-35433

Description

CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Cisagov/Thoriumllm-create2 versions
    <1.1.1+ 1 more
    • (no CPE)range: <1.1.1
    • (no CPE)range: 1.0.0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.