CVE-2025-63691

In · In Multiple Products

A critical security vulnerability has been identified in multiple "In" products, specifically within the pig-mesh component.

Executive summary

The pig-mesh component shipped in multiple "In" products contains a critical authorization flaw in its token management function. Callers who lack the required permission can list the active session tokens held by the system, and a listed token can be replayed to take over the corresponding user session, including administrator sessions. Successful exploitation can therefore end in full administrative compromise of the application: data theft, changes to system configuration, and disruption of service.

Vulnerability

The vulnerability is an improper permission verification flaw in the Token Management function. The API endpoint /api/admin/sys-token/page does not verify that the requesting user holds the privilege needed to view active session tokens. A low-privileged or, according to the advisory, even unauthenticated attacker can send a request to this endpoint and receive a paged list of all active tokens on the system, which may include tokens belonging to administrator accounts. Because the application accepts such a token as proof of identity, an attacker who presents a stolen administrator token is treated as that administrator: no password, second factor or login step is involved, and the attacker gains complete administrative control over the application for as long as the token remains valid.
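The following is an added illustration of the flaw pattern, written for this report; it is not pig-mesh code and the handler shape, the principal and token-record types, the role name ROLE_ADMIN and the sample token store are all assumptions. It places a token-listing handler that performs no permission check beside a hardened one, and it also shows a design point the advisory only implies: a listing endpoint should never return usable token values, even to administrators.

```python
"""Added example (not the project's code): token listing without and with
an authorization check. Data, names and roles are constructed for the demo."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple, Dict

@dataclass(frozen=True)
class Principal:
    username: str
    roles: frozenset = field(default_factory=frozenset)

@dataclass(frozen=True)
class TokenRecord:
    token: str        # opaque bearer token, as stored server-side (constructed)
    username: str
    client_ip: str

# Constructed sample data: one administrator session, one ordinary user session.
TOKEN_STORE: List[TokenRecord] = [
    TokenRecord("a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "admin", "10.0.0.5"),
    TokenRecord("0f9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c", "alice", "10.0.0.17"),
]
ADMIN_ROLE = "ROLE_ADMIN"   # hypothetical role name

def resolve_principal(bearer: Optional[str]) -> Optional[Principal]:
    """Authentication only: map a presented bearer token to its owner.
    This is the step an attacker satisfies with a stolen token."""
    if bearer is None:
        return None
    for rec in TOKEN_STORE:
        if rec.token == bearer:
            roles = frozenset({ADMIN_ROLE}) if rec.username == "admin" else frozenset()
            return Principal(rec.username, roles)
    return None

def list_tokens_vulnerable(bearer: Optional[str]) -> Tuple[int, List[Dict]]:
    """The flaw pattern: the handler never asks who the caller is, so any
    request (authenticated or not) pages through every active token in clear."""
    return 200, [{"token": r.token, "username": r.username, "ip": r.client_ip}
                 for r in TOKEN_STORE]

def mask(token: str) -> str:
    """Show enough of a token to recognise it, never enough to replay it."""
    return token[:4] + "..." + token[-4:]

def list_tokens_hardened(bearer: Optional[str]) -> Tuple[int, List[Dict]]:
    """Authentication, then authorization, then a response that is not itself
    a credential leak. Returns (HTTP status, body)."""
    who = resolve_principal(bearer)
    if who is None:
        return 401, []
    if ADMIN_ROLE not in who.roles:
        return 403, []
    return 200, [{"token": mask(r.token), "username": r.username, "ip": r.client_ip}
                 for r in TOKEN_STORE]

if __name__ == "__main__":
    status, leaked = list_tokens_vulnerable(None)      # anonymous caller
    stolen = next(r["token"] for r in leaked if r["username"] == "admin")
    print("anonymous listing ->", status, "admin token leaked:", stolen)
    print("replayed token resolves to:", resolve_principal(stolen))
    print("hardened, anonymous ->", list_tokens_hardened(None)[0])
    print("hardened, alice     ->", list_tokens_hardened(TOKEN_STORE[1].token)[0])
    print("hardened, admin     ->", list_tokens_hardened(stolen))
```

The two handlers differ only in the lines between the function signature and the return, which is exactly where a missing permission check hides during review; the masking step is a separate choice that limits the damage if the check is ever regressed again.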

Business impact

This vulnerability is rated critical, with a CVSS score of 9.6. Exploitation yields the same level of access as an administrator, without any need to break passwords or second factors. The potential consequences include unauthorized access to and exfiltration of sensitive data, deployment of malware or ransomware, manipulation of critical system settings, and complete service disruption. A successful attack could result in severe financial losses, reputational damage, and regulatory penalties for a data breach.

Remediation

Immediate Action: Apply the vendor's security update to every deployment of the affected pig-mesh component without delay; consult the official vendor security advisory for the fixed version and installation instructions, as this report does not name one. Patching closes the listing endpoint but does nothing about tokens that were already harvested while it was open, so after patching, revoke all active session tokens and force users, administrators first, to re-authenticate. Then review access logs for signs of prior compromise and keep monitoring for continued exploitation attempts.

Proactive Monitoring: Implement enhanced monitoring of the application's access logs. Specifically, alert on any request to the /api/admin/sys-token/page endpoint that does not come from an administrator, and on any such request from an IP address outside the ranges used for legitimate administrative activity; a 200 response to one of these requests is direct evidence of a successful listing. Monitor for abnormal user behaviour that suggests a hijacked session, such as an administrator's session token being used from more than one source address, or an administrator account acting from an unfamiliar location or at an unusual time.
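As an added example of the monitoring described above (written for this report, not a detection shipped by the vendor), the script below runs three rules over constructed access-log lines: listing requests by non-administrators, listing requests from outside the administrative network, and a session token reused from a second source address. The JSON log format, the field names, the administrative source range 10.0.0.0/24 and the user names are all assumptions; map them to the fields your gateway or application actually logs.

```python
"""Added example (not vendor code): detection rules for CVE-2025-63691-style
token listing and for follow-on session hijack, over constructed log lines."""
import ipaddress
import json
from collections import defaultdict
from typing import Dict, List

SENSITIVE_PATH = "/api/admin/sys-token/page"
ADMIN_USERS = {"admin"}                               # assumption
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/24")]    # assumption: admin jump-host range

# Constructed sample log. token_id is a stable identifier for the session token
# (for example a hash the gateway logs), never the token value itself.
SAMPLE_LOG = """
{"ts":"2025-11-03T09:14:02Z","src_ip":"10.0.0.5","user":"admin","token_id":"t-admin-1","method":"GET","path":"/api/admin/sys-token/page?current=1&size=20","status":200}
{"ts":"2025-11-03T09:20:41Z","src_ip":"203.0.113.44","user":"-","token_id":"-","method":"GET","path":"/api/admin/sys-token/page?current=1&size=200","status":200}
{"ts":"2025-11-03T09:21:05Z","src_ip":"203.0.113.44","user":"admin","token_id":"t-admin-1","method":"POST","path":"/api/admin/user","status":200}
{"ts":"2025-11-03T09:22:10Z","src_ip":"10.0.0.17","user":"alice","token_id":"t-alice-1","method":"GET","path":"/api/admin/sys-token/page","status":403}
"""

def parse_log(text: str) -> List[Dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]

def is_sensitive(path: str) -> bool:
    """Match the endpoint regardless of paging query parameters."""
    return path.split("?", 1)[0] == SENSITIVE_PATH

def in_admin_net(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETS)

def detect(events: List[Dict]) -> List[Dict]:
    """Return one alert per rule hit, in log order. 'succeeded' marks listing
    requests the server answered with 2xx, i.e. a completed token disclosure."""
    alerts: List[Dict] = []
    seen_ips = defaultdict(set)          # token_id -> source addresses seen so far
    for n, ev in enumerate(events, start=1):
        path, user, ip, tok = ev["path"], ev["user"], ev["src_ip"], ev["token_id"]
        ok = 200 <= ev["status"] < 300
        if is_sensitive(path):
            if user not in ADMIN_USERS:
                alerts.append({"rule": "sys-token-listing-by-non-admin",
                               "line": n, "user": user, "succeeded": ok})
            if not in_admin_net(ip):
                alerts.append({"rule": "sys-token-listing-from-unexpected-network",
                               "line": n, "src_ip": ip, "succeeded": ok})
        if tok != "-":
            # Hijack indicator: a token already bound to other addresses turns up
            # from a new one. The anonymous listing on line 2 has no token to track.
            if seen_ips[tok] and ip not in seen_ips[tok]:
                alerts.append({"rule": "token-reused-from-new-source", "line": n,
                               "user": user, "src_ip": ip,
                               "previous": sorted(seen_ips[tok])})
            seen_ips[tok].add(ip)
    return alerts

if __name__ == "__main__":
    for a in detect(parse_log(SAMPLE_LOG)):
        print(a)
```

On the sample, line 2 fires both listing rules with succeeded set, which is the pre-patch exploitation signature; line 3 fires the reuse rule because the administrator's token appears from 203.0.113.44 a minute after the anonymous listing, the follow-on hijack the advisory warns about; line 4 is a denied attempt by an ordinary user and is worth a lower-severity alert.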

Compensating Controls: If immediate patching is not feasible, reduce exposure until it is. Use a Web Application Firewall or reverse proxy to block requests to /api/admin/sys-token/page from everything except the source addresses used for legitimate administration, bearing in mind that a network rule does not restore the missing permission check and an attacker inside the allowed range can still list tokens. Shorter session timeouts limit how long a harvested token stays usable, and revoking all active tokens once the patch is applied removes any that were harvested in the meantime.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.6, this vulnerability represents a severe and immediate threat. We strongly recommend that organizations prioritize the deployment of the vendor-supplied patches across all affected systems without delay. Although this CVE is not currently listed on the CISA KEV catalog, its high impact makes it a prime target for opportunistic and sophisticated attackers. The remediation and monitoring actions outlined in this report should be treated as the highest priority to prevent a potential system compromise.