Privilege Context Switching Error

CVE-2025-26499

Medium

6/10

Summary

Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user’s system rights and data access.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-270 - Privilege Context Switching Error

The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

References

Advisory Timeline

Published Sep 11, 2025

Privilege Context Switching Error

CVE-2025-26499

Summary

CWE-270 - Privilege Context Switching Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS