CWE-613
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
531 vulnerabilities with CWE-613
CVE-2025-66223
HIGH
OpenObserve <0.16.0 - Privilege Escalation
CVE-2025-53896
HIGH
Kiteworks MFT <9.1.0 - Info Disclosure
CVSS 7.1
CVE-2025-64708
MEDIUM
authentik < 2025.8.5 - Insufficient Session Expiration via Invitation Validation Bypass
CVSS 5.8
CVE-2025-63226
MEDIUM
Sencore SMP100 Firmware V4.2.160, V60.1.4, V60.1.29 - Unauthenticated Session Hijacking via UserManagement.html Endpoint
CVSS 5.7
CVE-2025-56643
CRITICAL
Requarks Wiki.js 2.5.307 - Insufficient Session Expiration via JWT Token Handling
CVSS 9.1
CVE-2025-55278
HIGH
HCL DevOps Loop >=1.0.2 <1.0.2 - Improper Verification of Cryptographic Signature in API Authentication Middleware
CVSS 8.1
CVE-2025-64386
HIGH
Circutor TCPRS1plus >=1.0.14 <1.0.14 - Session Hijacking via JWT Token Reuse
CVE-2025-54547
MEDIUM
SSH Session Multiplexing - Info Disclosure
CVSS 5.3
CVE-2025-62781
MEDIUM
PILOS < 4.8.0 - Insufficient Session Expiration via Password Change
CVSS 5.0
CVE-2025-12278
MEDIUM
BLU-IC2 and BLU-IC4 < 1.20 - Insufficient Session Expiration via Logout Functionality
CVSS 6.5
CVE-2025-12110
MEDIUM
Keycloak < 26.4.3 - Insufficient Session Expiration via Offline Access Scope Removal
CVSS 5.4
CVE-2025-11429
MEDIUM
Keycloak < 26.4.1 - Insufficient Session Expiration via Remember Me Setting
CVSS 5.4
CVE-2025-3930
MEDIUM
Strapi < 5.24.1 - Insufficient Session Expiration via JWT Token Reuse
CVE-2025-25252
MEDIUM
FortiOS SSL VPN <7.6.2, 7.4.6, 7.2.10, 7.0.16, 6.4 - Info Disclosure
CVSS 4.8
CVE-2025-62174
LOW
Mastodon < 4.2.27 - Insufficient Session Expiration via Password Reset
CVSS 3.5
CVE-2025-61775
MEDIUM
Vickey <2025.10.0 - Info Disclosure
CVE-2025-54592
CRITICAL
FreshRSS < 1.27.0 - Insufficient Session Expiration during Logout
CVSS 9.8
CVE-2025-59841
CRITICAL
flagforge 2.2.0-2.3.0 - Insufficient Session Expiration
CVSS 9.8
CVE-2025-43819
MEDIUM
Liferay Portal 7.4.3.121-7.4.3.131 and Liferay DXP 2024.Q1.1-2024.Q1.12 - Unauthenticated Session Reuse via SLO API
CVSS 6.5
CVE-2025-59335
HIGH
CubeCart < 6.5.11 - Insufficient Session Expiration after Password Change
CVSS 7.1
CVE-2025-35433
MEDIUM
CISA Thorium < 1.1.1 - Insufficient Session Expiration
CVSS 5.0
CVE-2025-10223
MEDIUM
AxxonSoft Axxon One < 2.0.2 - Authenticated Insufficient Session Expiration
CVSS 5.4
CVE-2025-57766
MEDIUM
Fides < 2.69.1 - Insufficient Session Expiration after Password Change
CVSS 4.8
CVE-2025-58437
HIGH
Coder 2.22.0-2.24.3 2.25.0-2.25.1 - Insecure Session Token Inheritance in Prebuilt Workspaces
CVSS 8.1
CVE-2025-58352
MEDIUM
Weblate < 5.13.1 - Insufficient Session Expiration during Second Factor Verification
CVSS 6.5