CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

509 vulnerabilities with CWE-613
CVE-2025-65883 (HIGH, CVSS 8.4): Genexis Platinum P4410 - RCE
CVE-2025-11699 (HIGH, CVSS 7.1): Nopcommerce < 4.70.0 - Insufficient Session Expiration
CVE-2025-66289 (HIGH, CVSS 8.8): OrangeHRM <5.8 - Info Disclosure
CVE-2025-66223 (HIGH): OpenObserve <0.16.0 - Privilege Escalation
CVE-2025-53896 (HIGH, CVSS 7.1): Kiteworks MFT <9.1.0 - Info Disclosure
CVE-2025-64708 (MEDIUM, CVSS 5.8): Authentik < 2025.8.5 - Insufficient Session Expiration
CVE-2025-63226 (MEDIUM, CVSS 5.7): Sencore SMP100 - Session Hijacking
CVE-2025-56643 (CRITICAL, CVSS 9.1): Requarks Wiki.js - Insufficient Session Expiration
CVE-2025-55278 (HIGH, CVSS 8.1): HCL DevOps Loop - Auth Bypass
CVE-2025-64386 (HIGH): Equipment - Session Hijacking
CVE-2025-54547 (MEDIUM, CVSS 5.3): SSH Session Multiplexing - Info Disclosure
CVE-2025-62781 (MEDIUM, CVSS 5.0): THM Pilos < 4.8.0 - Insufficient Session Expiration
CVE-2025-12278 (MEDIUM, CVSS 6.5): Azure-access Blu-ic2 Firmware < 1.20 - Insufficient Session Expiration
CVE-2025-12110 (MEDIUM, CVSS 5.4): Org.keycloak Keycloak-services - Insufficient Session Expiration
CVE-2025-11429 (MEDIUM, CVSS 5.4): Keycloak - Logic Flaw
CVE-2025-3930 (MEDIUM): Strapi <5.24.1 - Auth Bypass
CVE-2025-25252 (MEDIUM, CVSS 4.8): FortiOS SSL VPN <7.6.2, 7.4.6, 7.2.10, 7.0.16, 6.4 - Info Disclosure
CVE-2025-62174 (LOW, CVSS 3.5): Mastodon < 4.2.27 - Insufficient Session Expiration
CVE-2025-61775 (MEDIUM): Vickey <2025.10.0 - Info Disclosure
CVE-2025-54592 (CRITICAL, CVSS 9.8): Freshrss < 1.27.0 - Insufficient Session Expiration
CVE-2025-59841 (CRITICAL, CVSS 9.8): Flagforge < 2.3.1 - CSRF
CVE-2025-43819 (MEDIUM, CVSS 6.5): Liferay Digital Experience Platform - Insufficient Session Expiration
CVE-2025-59335 (HIGH, CVSS 7.1): Cubecart < 6.5.11 - Insufficient Session Expiration
CVE-2025-35433 (MEDIUM, CVSS 5.0): Cisa Thorium - Insufficient Session Expiration
CVE-2025-10223 (MEDIUM, CVSS 5.4): Axxonsoft Axxon One < 2.0.2 - Insufficient Session Expiration