CVE-2025-51306
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-10-09
Assigner: MITRE
Description
Description
In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gatling | gatling | to 1.25.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1259 | The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Gatling Enterprise versions below 1.25.0, where after a user logs out, their session token remains valid and can still be used to access the application without expiration. This is due to incorrect session management.
How can this vulnerability impact me? :
The vulnerability allows a user to continue accessing the application even after logging out, which can lead to unauthorized access and potential misuse of the application by someone who obtains the session token.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70