CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

531 vulnerabilities with CWE-613
CVE-2025-57735 CRITICAL
Apache Airflow: Airflow Logout Not Invalidating JWT
CVSS 9.1
CVE-2025-66483 MEDIUM
IBM Aspera Shares 1.9.9-1.11.0 - Session Not Invalidated After Password Reset
CVSS 6.3
CVE-2025-55264 MEDIUM
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change
CVSS 5.5
CVE-2025-14810 MEDIUM
IBM InfoSphere Information Server is vulnerable due to insufficient session expiration
CVSS 6.3
CVE-2025-15553 HIGH
Insecure Logout Functionality in Truesec LAPSWebUI
CVSS 7.1
CVE-2025-15552 HIGH
Long Session Lifetime in Truesec LAPSWebUI
CVSS 7.8
CVE-2025-59786 CRITICAL
2N Access Commander <3.4.2 - Auth Bypass
CVSS 9.8
CVE-2025-36377 MEDIUM
IBM Security QRadar EDR 3.12-3.12.23 - Auth Bypass
CVSS 6.3
CVE-2025-36376 MEDIUM
IBM Security QRadar EDR 3.12-3.12.23 - Auth Bypass
CVSS 6.3
CVE-2025-27898 MEDIUM
IBM DB2 Recovery Expert 5.5 IF002 - Auth Bypass
CVSS 6.3
CVE-2025-55705 HIGH
Evmapa EV Charging System - Session Management
CVSS 7.3
CVE-2025-36065 MEDIUM
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00-5.2.0.12 - Insufficient Session Expiration
CVSS 6.3
CVE-2025-36063 MEDIUM
IBM Sterling Connect:Express Adapter 5.2.0.00-5.2.0.12 - Insufficient Session Expiration
CVSS 6.3
CVE-2025-52661 LOW
HCL AION 2 - Insufficient Session Expiration
CVSS 2.4
CVE-2025-4677 MEDIUM
ABB WebPro SNMP Card PowerValue <1.1.8.K - Info Disclosure
CVSS 6.5
CVE-2025-31962 LOW
HCL BigFix IVR 4.2 - Insufficient Session Expiration in Web UI Authentication
CVSS 2.0
CVE-2025-68954 MEDIUM
Pterodactyl <1.11.11 - Info Disclosure
CVSS 5.4
CVE-2025-55254 LOW
HCL BigFix Remote Control Lite Web Portal <=10.1.0.0326 - Path-Relative Stylesheet Code Execution
CVSS 3.7
CVE-2025-62329 MEDIUM
HCL DevOps Deploy 8.0.0.0-8.0.1.10 and HCL Launch 7.3.0.0-7.3.2.15 - Insufficient Session Expiration via Race Condition
CVSS 5.0
CVE-2025-36360 MEDIUM
IBM UrbanCode/DevOps Deploy Insufficient Session Expiration via Race Condition
CVSS 5.0
CVE-2025-65430 MEDIUM
allauth < 65.13.0 - Insufficient Session Expiration
CVSS 5.4
CVE-2025-62631 MEDIUM
FortiOS 6.4.0-6.4.15, 7.0.0-7.0.18, 7.2.0-7.2.12, 7.4.0 - Insufficient Session Expiration via SSLVPN
CVSS 5.6
CVE-2025-65883 HIGH
Genexis Platinum 4410 Firmware P4410-V2-1.41 - Remote Code Execution via Stale Session Token Reuse
CVSS 8.4
CVE-2025-11699 HIGH
nopCommerce < 4.70.0 and 4.80.3 - Insufficient Session Expiration
CVSS 7.1
CVE-2025-66289 HIGH
OrangeHRM 5.0-5.7 - Insufficient Session Expiration
CVSS 8.8