CVE-2025-4754

Published Jun 17, 2025

Last updated 14 days ago

Overview

Description: Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0.
Source: 6b3ad84c-e1a6-4bf7-a703-f496b71e49db
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 2.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: LOW

Weaknesses

6b3ad84c-e1a6-4bf7-a703-f496b71e49db: CWE-613

Hype score: Not currently trending

🔐 EEF Advisory: CVE-2025-4754 – Session not revoked on logout in ash_authentication_phoenix (<2.10.0). Low risk: stale cookies may be reused. ✅ Fixed in 2.10.0 — upgrade recommended. 📎 Details: https://t.co/N9Bq5FxDP2 #Elixir #Phoenix #Security
@TheErlef
17 Jun 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.