CVE Vulnerabilities

CVE-2025-53642

Insufficient Session Expiration

Published: Jul 11, 2025 | Modified: Aug 22, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a users session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name Vendor Start Version End Version
Haxcms-nodejs Psu * 11.0.6 (excluding)
Haxcms-php Psu * 11.0.6 (excluding)

Potential Mitigations

References