CVE-2025-51306

MEDIUM

Gatling Enterprise <1.25.0 - Info Disclosure

Title source: llm

Description

In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.

References (4)

Core 4

Core References

Product

https://gatling.io/products

Exploit

https://github.com/Flo354/vulnerabilities/blob/main/gatling-enterprise/CVE-2025-51306-broken-logout.md

View Exploit ZIP pw:eip

Exploit

https://github.com/Flo354/vulnerabilities/blob/main/gatling-enterprise/CVE-2025-51306-change-permissions-not-reflected.md

View Exploit ZIP pw:eip

Exploit

https://github.com/Flo354/vulnerabilities/tree/main/gatling-enterprise

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0009

EPSS Percentile 26.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1259

Status published

Products (1)

gatling/gatling < 1.25.0

Published Aug 06, 2025

Tracked Since Feb 18, 2026