CVE-2025-12624 — Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usabl — CVE Database · The Intelligence Room