CVE-2025-4754

Summary

Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex.

This issue affects ash_authentication_phoenix until 2.10.0.

Affected Software

VendorProductVersion RangeStatus
ash-projectash_authentication_phoenix0 < 2.10.0affected
ash-projectash_authentication_phoenix0 < a3253fb4fc7145aeb403537af1c24d3a8d51ffb1affected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References