CVE-2025-4754
Missing Session Revocation on Logout in ash_authentication_phoenix
| CVSS Score | 0.0 |
| EPSS Score | 0.1% |
| EPSS Percentile | 29th |
Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. The vulnerability is associated with the program file lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix versions before 2.10.0.
| CWE | CWE-613 |
| Vendor | ash-project |
| Product | ash_authentication_phoenix |
| Published | Jun 17, 2025 |
| Last Updated | Apr 6, 2026 |
Affected Versions
| ash-project / ash_authentication_phoenix | 0 < 2.10.0 |
| ash-project / ash_authentication_phoenix | 0 < a3253fb4fc7145aeb403537af1c24d3a8d51ffb1 |
References
github.com: https://github.com/team-alembic/ash_authentication_phoenix/security/advisories/GHSA-f7gq-h8jv-h3cq
cna.erlef.org: https://cna.erlef.org/cves/CVE-2025-4754.html
osv.dev: https://osv.dev/vulnerability/EEF-CVE-2025-4754
github.com: https://github.com/team-alembic/ash_authentication_phoenix/pull/634
github.com: https://github.com/team-alembic/ash_authentication_phoenix/commit/a3253fb4fc7145aeb403537af1c24d3a8d51ffb1
Credits
James Harton, Zach Daniel, Mike Buhot, Jonatan Männchen, Josh Price