CVE-2025-56643

CRITICAL

Requarks Wiki.js - Insufficient Session Expiration

Title source: rule

Description

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism.

Exploits (1)

nomisec WRITEUP 1 stars

by 0xBS0D27 · poc

https://github.com/0xBS0D27/CVE-2025-56643

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/0xBS0D27/CVE-2025-56643

Scores

CVSS v3 9.1

EPSS 0.0012

EPSS Percentile 30.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-613

Status published

Products (1)

requarks/wiki.js 2.5.307

Published Nov 18, 2025

Tracked Since Feb 18, 2026