CWE-613: Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

531 vulnerabilities with CWE-613
CVE ID         | Severity | CVSS | Affected product and issue
---------------|----------|------|----------------------------------------------------------------------------------------------------------
CVE-2025-46815 | HIGH     | 8.0  | ZITADEL < 2.70.10 and 2.71.x < 2.71.9 and 3.0.0-rc.1-3.0.0 - Session Hijacking via IdP Intent Reuse
CVE-2025-46344 | MEDIUM   | -    | Auth0 Next.js SDK <4.5.1 - Info Disclosure
CVE-2025-2185  | HIGH     | 8.0  | ALBEDO Telecom Net.Time - PTP/NTP clock <1.4.4 - Info Disclosure
CVE-2025-42602 | HIGH     | -    | Meon KYC solutions - Session Fixation via API Token Handling
CVE-2025-28059 | HIGH     | 7.5  | Nagios Network Analyzer 2024R1.0.3 - Insufficient Session Expiration
CVE-2025-24859 | HIGH     | 8.8  | Apache Roller <6.1.5 - Info Disclosure
CVE-2025-30516 | LOW      | 2.0  | Mattermost Mobile Apps <=2.25.0 - Info Disclosure
CVE-2025-1968  | HIGH     | 7.7  | Progress Software Corporation Sitefinity <15.2 - Info Disclosure
CVE-2025-28132 | MEDIUM   | 4.6  | Nagios Network Analyzer 2024R1.0.3 - Insufficient Session Expiration
CVE-2025-2596  | MEDIUM   | 5.3  | Checkmk <2.3.0p30, <2.2.0p41, 2.1.0p49 - Insufficient Session Expiration
CVE-2025-1198  | MEDIUM   | 4.2  | GitLab 16.11-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Insufficient Session Expiration via ActionCable
CVE-2025-24973 | CRITICAL | 9.3  | Concorde <12.25Q1.1 - Info Disclosure
CVE-2025-24896 | HIGH     | 8.1  | Misskey <2025.2.0-alpha.0 - Info Disclosure
CVE-2025-22386 | HIGH     | 7.3  | Optimizely Configured Commerce < 5.2.2408 - Insufficient Session Expiration
CVE-2024-43181 | MEDIUM   | 6.3  | IBM Concert <2.1.0 - Privilege Escalation
CVE-2024-13996 | CRITICAL | 9.8  | Nagios XI < 2024R1.1.3 - Insufficient Session Expiration
CVE-2024-33507 | HIGH     | 7.4  | FortiIsolator 2.0-2.4.4 - Insufficient Session Expiration and Incorrect Authorization via Crafted Cookie
CVE-2024-41985 | LOW      | 2.6  | Siemens Opcenter Quality SmartClient Modules - Insufficient Session Expiration
CVE-2024-27779 | MEDIUM   | 6.7  | FortiSandbox <4.4.4 - Info Disclosure
CVE-2024-50562 | MEDIUM   | 4.8  | Fortinet Fortisase < 7.2.11 - Insufficient Session Expiration
CVE-2024-22351 | MEDIUM   | 6.3  | IBM InfoSphere Information 11.7 - Privilege Escalation
CVE-2024-45651 | MEDIUM   | 6.3  | IBM Sterling Connect:Direct Web Services 6.1.0-6.1.0.28 - Insufficient Session Expiration
CVE-2024-49825 | MEDIUM   | 6.3  | IBM Robotic Process Automation <21.0.7.20,23.0.20 - Privilege Escal...
CVE-2024-25051 | MEDIUM   | 6.6  | IBM Jazz Reporting Service 7.0.2-7.0.3 - Privilege Escalation
CVE-2024-57056 | MEDIUM   | 5.4  | WombatDialer <25.02 - Info Disclosure