CVE-2025-66432
📋 TL;DR
This vulnerability allows API tokens in Oxide control plane to be renewed beyond their intended expiration date, potentially enabling unauthorized access. It affects organizations running Oxide control plane versions 15 through 17 before 17.1. The issue stems from improper validation of token expiration during renewal operations.
💻 Affected Systems
- Oxide control plane
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker with a previously compromised token could maintain persistent access to the control plane indefinitely, potentially leading to full system compromise, data exfiltration, or service disruption.
Likely Case
Legitimate users or administrators with expired tokens could unintentionally maintain access beyond intended timeframes, violating security policies and audit requirements.
If Mitigated
With proper monitoring and token lifecycle management, the impact is limited to potential policy violations rather than active exploitation.
🎯 Exploit Status
Exploitation requires a valid API token that has expired or will expire. The renewal process itself is the attack vector.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.1
Vendor Advisory: https://docs.oxide.computer/security/advisories/20251117-1
Restart Required: Yes
Instructions:
1. Backup current configuration and data. 2. Update Oxide control plane to version 17.1 or later. 3. Restart the control plane service. 4. Verify the update was successful.
🔧 Temporary Workarounds
Manual Token Expiration Enforcement
allImplement external monitoring to detect and revoke tokens that exceed their intended lifespan
Reduced Token Lifetimes
allConfigure shorter token expiration times to limit potential exposure window
🧯 If You Can't Patch
- Implement strict monitoring of token usage and automated revocation of tokens past expiration dates
- Deploy network segmentation to limit access to the control plane from untrusted networks
🔍 How to Verify
Check if Vulnerable:
Check the Oxide control plane version. If it's between 15.0.0 and 17.0.x (excluding 17.1), it's vulnerable.Check Version:
oxide versionVerify Fix Applied:
After updating to 17.1 or later, attempt to renew an expired API token - this should fail with proper expiration validation.📡 Detection & Monitoring
Log Indicators:
- Successful API token renewals occurring after the original expiration timestamp
- Multiple renewal attempts for the same token over extended periods
Network Indicators:
- Unusual patterns of API token usage from the same source over extended timeframes
SIEM Query:
source="oxide-control-plane" AND (event="token_renewal" AND timestamp > token_expiry)