CVE-2025-4754
LOWash_authentication_phoenix < 2.10.0 - Insufficient Session Expiration in Controller
Title source: llmDescription
Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
related
https://github.com/team-alembic/ash_authentication_phoenix/security/advisories/GHSA-f7gq-h8jv-h3cq
Related related
https://cna.erlef.org/cves/CVE-2025-4754.html
Related related
https://osv.dev/vulnerability/EEF-CVE-2025-4754
Issue Tracking patch
https://github.com/team-alembic/ash_authentication_phoenix/pull/634
Scores
CVSS v4
2.3
EPSS
0.0040
EPSS Percentile
31.7%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-613
Status
published
Products (4)
ash-project/ash_authentication_phoenix
< 2.10.0
ash-project/ash_authentication_phoenix
< a3253fb4fc7145aeb403537af1c24d3a8d51ffb1
ash-project/ash_authentication_phoenix
pkg:hex/ash_authentication_phoenix@0 - pkg:hex/[email protected]
Hex/ash_authentication_phoenix
0 - 2.10.0Hex
Published
Jun 17, 2025
Tracked Since
Feb 18, 2026