CVE-2025-4754
LOWHEX Ash Authentication Phoenix - Insufficient Session Expiration
Title source: ruleDescription
Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0.
Scores
CVSS v4
2.3
EPSS
0.0045
EPSS Percentile
63.8%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-613
Status
published
Products (4)
ash-project/ash_authentication_phoenix
< 2.10.0
ash-project/ash_authentication_phoenix
< a3253fb4fc7145aeb403537af1c24d3a8d51ffb1
ash-project/ash_authentication_phoenix
pkg:hex/ash_authentication_phoenix@0 - pkg:hex/[email protected]
Hex/ash_authentication_phoenix
0 - 2.10.0Hex
Published
Jun 17, 2025
Tracked Since
Feb 18, 2026