fkie_cve-2025-55008
Vulnerability from fkie_nvd
Published
2025-08-09 03:15
Modified
2025-08-11 18:32
Severity ?
Summary
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts — specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. This issue is fixed in version 0.7.0.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS \u0026 AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts \u2014 specifically sealedSession and accessToken by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. This issue is fixed in version 0.7.0."
},
{
"lang": "es",
"value": "La librer\u00eda AuthKit para React Router 7+ proporciona ayudantes para la autenticaci\u00f3n y la gesti\u00f3n de sesiones mediante WorkOS y AuthKit con React Router. En las versiones 0.6.1 y anteriores, @workos-inc/authkit-react-router expon\u00eda artefactos de autenticaci\u00f3n sensibles, en concreto, sealedSession y accessToken, al devolverlos desde authkitLoader. Esto provocaba que se renderizaran en el HTML del navegador. Este problema se ha corregido en la versi\u00f3n 0.7.0."
}
],
"id": "CVE-2025-55008",
"lastModified": "2025-08-11T18:32:48.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-09T03:15:47.327",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/workos/authkit-react-router/commit/607caac658784962bab76e227f9c5820d0b9a9e5"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/workos/authkit-react-router/releases/tag/v0.7.0"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/workos/authkit-react-router/security/advisories/GHSA-vqvc-9q8x-vmq6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…