CVE-2025-46743
Description
An authenticated user's token could be used by another source after the user had logged out prior to the token expiring.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SEL software authentication tokens remain valid after logout, allowing reuse by other sources before expiration.
The vulnerability stems from a flaw in how SEL software handles authentication tokens. When a user logs out, the corresponding token is not immediately invalidated; instead, it remains valid until its natural expiration time. This allows a token that was captured prior to logout to be reused by another source.
Exploitation requires an attacker to have previously intercepted or obtained a valid token, such as through network sniffing, before the legitimate user logs out. No additional authentication is needed if the token is reused within its validity window. The attack can be performed from any network position that can access the affected service.
A successful attack enables an unauthorized actor to impersonate the logged-out user, gaining the same level of access to the SEL system. This could lead to unauthorized viewing or modification of system configurations, potentially impacting operational security.
SEL has addressed this issue in the latest software versions listed on their website [1]. Users are advised to update to the patched version to prevent token reuse. No workarounds have been provided for unpatched versions.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
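The logout behaviour described above, as an added example that is not SEL's code and not part of the original record: a signed token checked by expiry alone stays usable after logout, while a server-side revocation list closes that window. The token format, `TOKEN_TTL` and every function name here are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # signing key, constructed for this example
TOKEN_TTL = 900                   # assumed lifetime in seconds, not from the advisory
_revoked = {}                     # token id -> expiry of tokens ended by logout

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(user, now=None):
    now = time.time() if now is None else now
    payload = f"{secrets.token_hex(8)}.{user}.{int(now) + TOKEN_TTL}"
    return f"{payload}.{_sign(payload)}"

def _parse(token, now):
    """Return (token_id, user, expiry) if signed by us and unexpired, else None."""
    payload, _, sig = token.rpartition(".")
    parts = payload.split(".")
    if len(parts) != 3 or not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    expiry = int(parts[2])  # safe: the signature proves we wrote this field
    return (parts[0], parts[1], expiry) if now < expiry else None

def validate_expiry_only(token, now=None):
    """Flawed pattern: logout changes nothing that the server checks."""
    parsed = _parse(token, time.time() if now is None else now)
    return parsed[1] if parsed else None

def logout(token, now=None):
    """Revoke the token server-side; drop entries that have expired anyway."""
    now = time.time() if now is None else now
    parsed = _parse(token, now)
    if parsed:
        _revoked[parsed[0]] = parsed[2]
    for token_id in [t for t, exp in _revoked.items() if exp <= now]:
        del _revoked[token_id]

def validate_with_revocation(token, now=None):
    """Hardened pattern: a logged-out token id is rejected before it expires."""
    parsed = _parse(token, time.time() if now is None else now)
    return parsed[1] if parsed and parsed[0] not in _revoked else None
```

The revocation list only has to hold an entry until that token's own expiry, so its size is bounded by the number of logouts within one `TOKEN_TTL` window.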
Patches
No patches discovered yet.
References (1)
News mentions
No linked articles in our index yet.