CVE-2025-53642
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| psu | haxcms-nodejs | all versions before 11.0.6 (11.0.6 not affected) |
| psu | haxcms-php | all versions before 11.0.6 (11.0.6 not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-613 | Insufficient Session Expiration. According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." Here the reusable credentials are the session cookie that logout fails to invalidate and the refresh token that logout issues. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the logout function of the haxcms-nodejs and haxcms-php backends for HAXcms. When a user logs out, the application neither terminates the server-side session nor clears the session cookies, and it also issues a refresh token on logout, which a logout endpoint should never do. The old session and the newly issued refresh token therefore remain usable after the user believes they have logged out. The issue is fixed in version 11.0.6.
How can this vulnerability impact me?
Because the logout function leaves the session valid and the cookies in place, and hands out a refresh token on logout, anyone who has obtained a copy of the session cookie or refresh token (for example from a shared or compromised browser, or from a captured request) can keep using the account after its owner has logged out. Logging out is also the usual first response when a user suspects their session has been exposed, so this weakness defeats that remedy. The result can be unauthorized access to user accounts and to whatever content and settings those accounts can reach.
What immediate steps should I take to mitigate this vulnerability?
Upgrade haxcms-nodejs and haxcms-php to version 11.0.6 or later; that release corrects the logout handler so it terminates the session, clears the cookies, and no longer issues a refresh token on logout. Note that upgrading fixes future logouts but does not by itself invalidate sessions or refresh tokens that were already issued before the upgrade; if you have reason to believe any of those are in someone else's hands, invalidate them server-side (for example by clearing the session store or rotating the secret that signs tokens, depending on how your deployment stores them). After upgrading, confirm the fix by logging in, logging out, and replaying the old session cookie against an authenticated page: it should be rejected, and the logout response should carry no token.