CVE-2025-64762
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-12-11
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| workos | authkit-nextjs | up to 2.11.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-524 | The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the AuthKit library for Next.js versions 2.11.0 and below, where authenticated responses do not include anti-caching headers. As a result, in environments using CDN caching, session tokens may be cached and served to multiple users, potentially exposing sensitive authentication information. The issue is fixed in version 2.11.1 by applying anti-caching headers to all authenticated responses.
How can this vulnerability impact me?
If you use AuthKit for Next.js version 2.11.0 or below and have CDN caching enabled on authenticated paths, session tokens could be cached and inadvertently shared with other users. This can lead to unauthorized access to user sessions and compromise account security.
What immediate steps should I take to mitigate this vulnerability?
Upgrade authkit-nextjs to version 2.11.1 or later, which applies anti-caching headers to all responses behind authentication so that session tokens are not cached and served to multiple users. Additionally, review your CDN caching configuration to ensure that caching is not enabled on authenticated paths.
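
One way to check for the condition described above, as an added example that is not part of the original page or of authkit-nextjs: it flags responses that set a session cookie while no `Cache-Control` directive forbids a shared cache from storing them. The cookie name `app_session`, the function names and the sample responses are assumptions constructed for illustration.

```javascript
// Added example, not authkit-nextjs code. Flags responses that set a session
// cookie while nothing in Cache-Control forbids a shared cache (CDN) from storing them.
const SESSION_COOKIE = "app_session"; // assumption: replace with your cookie name

// Parse a Cache-Control value into a Map of lower-cased directive -> argument.
function parseCacheControl(value) {
  const directives = new Map();
  for (const part of (value || "").split(",")) {
    const [name, arg] = part.trim().split("=");
    if (name) directives.set(name.toLowerCase(), (arg || "").replace(/"/g, ""));
  }
  return directives;
}

// headers: plain object; "set-cookie" may be a string or an array of strings.
function auditResponse(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const cookies = [].concat(h["set-cookie"] || []);
  if (!cookies.some((c) => c.trimStart().startsWith(SESSION_COOKIE + "="))) {
    return "no-session-cookie";
  }
  const cc = parseCacheControl(h["cache-control"]);
  // no-store and private both forbid storage by a shared cache.
  if (cc.has("no-store") || cc.has("private")) return "ok";
  // s-maxage takes precedence over max-age for shared caches.
  const ttl = Number(cc.has("s-maxage") ? cc.get("s-maxage") : cc.get("max-age"));
  if (cc.has("public") || ttl > 0 || h["expires"]) return "cacheable-explicit";
  // Nothing forbids storage: a CDN rule or heuristic caching may still store it.
  return "cacheable-by-default";
}

// Constructed sample responses (not captured traffic).
const SAMPLES = [
  { path: "/dashboard", headers: { "Set-Cookie": "app_session=abc; HttpOnly; Secure", "Cache-Control": "public, s-maxage=300" } },
  { path: "/account", headers: { "Set-Cookie": ["theme=dark", "app_session=abc; HttpOnly"] } },
  { path: "/settings", headers: { "Set-Cookie": "app_session=abc; HttpOnly", "Cache-Control": "private, no-cache, no-store, max-age=0" } },
  { path: "/logo.svg", headers: { "Cache-Control": "public, max-age=86400" } },
];

// Return only the responses a shared cache is allowed to store.
function findRisky(samples) {
  return samples
    .map((s) => ({ path: s.path, verdict: auditResponse(s.headers) }))
    .filter((r) => r.verdict.startsWith("cacheable"));
}

console.log(findRisky(SAMPLES));
```

A `cacheable-by-default` verdict means the origin sent nothing that forbids storage, so whether the response is cached depends entirely on the CDN's own rules for that path.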