Common Weakness Enumeration

CWE-613

Allowed-with-Review

Insufficient Session Expiration

Abstraction: Base · Status: Incomplete

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

875 vulnerabilities reference this CWE, most recent first.

CVE-2025-4677 (GCVE-0-2025-4677)

Vulnerability from cvelistv5 – Published: 2026-01-07 17:09 – Updated: 2026-01-07 18:19
VLAI
Title
Idle session timeout is not configured for multiple open ports
Summary
Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
ABB
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4677",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T18:17:02.695141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-07T18:19:30.647Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WebPro SNMP Card PowerValue",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "1.1.8.k",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WebPro SNMP Card PowerValue UL",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "1.1.8.k",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.\u003cp\u003eThis issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-07T17:09:05.370Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=2CRT000009\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Idle session timeout is not configured for multiple open ports",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2025-4677",
    "datePublished": "2026-01-07T17:09:05.370Z",
    "dateReserved": "2025-05-14T06:02:15.939Z",
    "dateUpdated": "2026-01-07T18:19:30.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4643 (GCVE-0-2025-4643)

Vulnerability from cvelistv5 – Published: 2025-08-29 10:01 – Updated: 2025-08-29 11:54 X_Open Source
VLAI
Title
Lack of JWT Expiration after Log Out in PayloadCMS
Summary
Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (which is by default set to 2 hours, but can be changed). This issue has been fixed in version 3.44.0 of Payload.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
Vendor Product Version
Payload CMS Payload Affected: 0 , < 3.44.0 (semver)
Create a notification for this product.
Date Public
2025-08-29 10:00
Credits
Arkadiusz Marta
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4643",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-29T11:54:20.949942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-29T11:54:27.895Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Payload",
          "vendor": "Payload CMS",
          "versions": [
            {
              "lessThan": "3.44.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Arkadiusz Marta"
        }
      ],
      "datePublic": "2025-08-29T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (which is by default set to 2 hours, but can be changed). \u003cbr\u003e\u003cbr\u003eThis issue has been fixed in version 3.44.0 of Payload.\u003cbr\u003e"
            }
          ],
          "value": "Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (which is by default set to 2 hours, but can be changed). \n\nThis issue has been fixed in version 3.44.0 of Payload."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T10:01:09.128Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/08/CVE-2025-4643"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://payloadcms.com"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/payloadcms/payload"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "Lack of JWT Expiration after Log Out in PayloadCMS",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-4643",
    "datePublished": "2025-08-29T10:01:09.128Z",
    "dateReserved": "2025-05-13T07:10:07.627Z",
    "dateUpdated": "2025-08-29T11:54:27.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4528 (GCVE-0-2025-4528)

Vulnerability from cvelistv5 – Published: 2025-05-11 03:00 – Updated: 2026-05-27 14:34
VLAI
Title
Dígitro NGC Explorer session expiration
Summary
A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Dígitro NGC Explorer Affected: 3.44.0
Affected: 3.44.1
Affected: 3.44.2
Affected: 3.44.3
Affected: 3.44.4
Affected: 3.44.5
Affected: 3.44.6
Affected: 3.44.7
Affected: 3.44.8
Affected: 3.44.9
Affected: 3.44.10
Affected: 3.44.11
Affected: 3.44.12
Affected: 3.44.13
Affected: 3.44.14
Affected: 3.44.15
Affected: 3.48.0
Affected: 3.48.1
Affected: 3.48.2
Affected: 3.48.3
Affected: 3.48.4
Affected: 3.48.5
Affected: 3.48.6
Affected: 3.48.7
Affected: 3.48.8
Affected: 3.48.9
Affected: 3.48.10
Affected: 3.48.11
Affected: 3.48.12
Affected: 3.48.13
Affected: 3.48.14
Affected: 3.48.15
Affected: 3.48.16
Affected: 3.48.17
Affected: 3.48.18
Affected: 3.48.19
Affected: 3.48.20
Affected: 3.48.21
Unaffected: 3.48.22
    cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
j369 (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4528",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-12T14:33:25.278396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T14:33:36.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:d_gitro:ngc_explorer:*:*:*:*:*:*:*:*"
          ],
          "product": "NGC Explorer",
          "vendor": "D\u00edgitro",
          "versions": [
            {
              "status": "affected",
              "version": "3.44.0"
            },
            {
              "status": "affected",
              "version": "3.44.1"
            },
            {
              "status": "affected",
              "version": "3.44.2"
            },
            {
              "status": "affected",
              "version": "3.44.3"
            },
            {
              "status": "affected",
              "version": "3.44.4"
            },
            {
              "status": "affected",
              "version": "3.44.5"
            },
            {
              "status": "affected",
              "version": "3.44.6"
            },
            {
              "status": "affected",
              "version": "3.44.7"
            },
            {
              "status": "affected",
              "version": "3.44.8"
            },
            {
              "status": "affected",
              "version": "3.44.9"
            },
            {
              "status": "affected",
              "version": "3.44.10"
            },
            {
              "status": "affected",
              "version": "3.44.11"
            },
            {
              "status": "affected",
              "version": "3.44.12"
            },
            {
              "status": "affected",
              "version": "3.44.13"
            },
            {
              "status": "affected",
              "version": "3.44.14"
            },
            {
              "status": "affected",
              "version": "3.44.15"
            },
            {
              "status": "affected",
              "version": "3.48.0"
            },
            {
              "status": "affected",
              "version": "3.48.1"
            },
            {
              "status": "affected",
              "version": "3.48.2"
            },
            {
              "status": "affected",
              "version": "3.48.3"
            },
            {
              "status": "affected",
              "version": "3.48.4"
            },
            {
              "status": "affected",
              "version": "3.48.5"
            },
            {
              "status": "affected",
              "version": "3.48.6"
            },
            {
              "status": "affected",
              "version": "3.48.7"
            },
            {
              "status": "affected",
              "version": "3.48.8"
            },
            {
              "status": "affected",
              "version": "3.48.9"
            },
            {
              "status": "affected",
              "version": "3.48.10"
            },
            {
              "status": "affected",
              "version": "3.48.11"
            },
            {
              "status": "affected",
              "version": "3.48.12"
            },
            {
              "status": "affected",
              "version": "3.48.13"
            },
            {
              "status": "affected",
              "version": "3.48.14"
            },
            {
              "status": "affected",
              "version": "3.48.15"
            },
            {
              "status": "affected",
              "version": "3.48.16"
            },
            {
              "status": "affected",
              "version": "3.48.17"
            },
            {
              "status": "affected",
              "version": "3.48.18"
            },
            {
              "status": "affected",
              "version": "3.48.19"
            },
            {
              "status": "affected",
              "version": "3.48.20"
            },
            {
              "status": "affected",
              "version": "3.48.21"
            },
            {
              "status": "unaffected",
              "version": "3.48.22"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "j369 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in D\u00edgitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknown function. Executing a manipulation can lead to session expiration. The attack can be launched remotely. Upgrading to version 3.48.22 mitigates this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-27T14:34:18.093Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-308273 | D\u00edgitro NGC Explorer session expiration",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/308273"
        },
        {
          "name": "VDB-308273 | CTI Indicators (IOB, IOC)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/308273/cti"
        },
        {
          "name": "Submit #565309 | D\u00edgitro NGC Explorer 3.44.15 Improper session token expiration",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/565309"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://digitro.com/recomendacao-10-2026-ctir-gov/"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.gov.br/ctir/pt-br/assuntos/alertas-e-recomendacoes/recomendacoes/2026/recomendacao-10-2026"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-10T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-27T16:38:18.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "D\u00edgitro NGC Explorer session expiration"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4528",
    "datePublished": "2025-05-11T03:00:06.849Z",
    "dateReserved": "2025-05-10T05:30:00.544Z",
    "dateUpdated": "2026-05-27T14:34:18.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4407 (GCVE-0-2025-4407)

Vulnerability from cvelistv5 – Published: 2025-06-30 11:16 – Updated: 2025-06-30 14:48
VLAI
Title
Application does not invalidate session after password reset
Summary
Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
ABB
Impacted products
Vendor Product Version
ABB Lite Panel Pro Affected: 0 , ≤ 1.0.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4407",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-30T14:48:40.876375Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-30T14:48:59.556Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Lite Panel Pro",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "1.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.\u003cp\u003eThis issue affects Lite Panel Pro: through 1.0.1.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-30T11:16:40.554Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A2771\u0026LanguageCode=en\u0026DocumentPartId=PDF\u0026Action=Launch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The vulnerability is resolved in the following product versions:\nLite Panel Pro software version 1.1.0\n\n\u003cbr\u003e"
            }
          ],
          "value": "The vulnerability is resolved in the following product versions:\nLite Panel Pro software version 1.1.0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Application does not invalidate session after password reset",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2025-4407",
    "datePublished": "2025-06-30T11:16:39.556Z",
    "dateReserved": "2025-05-07T05:27:33.565Z",
    "dateUpdated": "2025-06-30T14:48:59.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3930 (GCVE-0-2025-3930)

Vulnerability from cvelistv5 – Published: 2025-10-16 10:43 – Updated: 2025-10-22 06:59 X_Open Source
VLAI
Title
Lack of JWT Expiration after Log Out in Strapi
Summary
Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is set to 30 days by default, but can be changed). The existence of /admin/renew-token endpoint allows anyone to renew near-expiration tokens indefinitely, further increasing the impact of this attack. This issue has been fixed in version 5.24.1.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
Strapi Strapi Affected: 0 , < 5.24.1 (semver)
Create a notification for this product.
Date Public
2025-10-16 09:55
Credits
Arkadiusz Marta
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T13:37:13.822536Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-16T13:37:36.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Strapi",
          "vendor": "Strapi",
          "versions": [
            {
              "lessThan": "5.24.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Arkadiusz Marta"
        }
      ],
      "datePublic": "2025-10-16T09:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStrapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is set to 30 days by default, but can be changed).\u003c/span\u003e \u003cbr\u003eThe existence of \u003ctt\u003e/admin/renew-token\u0026nbsp;\u003c/tt\u003eendpoint allows anyone to renew near-expiration tokens indefinitely, further increasing the impact of this attack. \u003cbr\u003e\u003cbr\u003eThis issue has been fixed in version 5.24.1.\u003ctt\u003e\u003ctt\u003e\u003cbr\u003e\u003ctt\u003e\u003c/tt\u003e\u003c/tt\u003e\u003c/tt\u003e"
            }
          ],
          "value": "Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is set to 30 days by default, but can be changed). \nThe existence of /admin/renew-token\u00a0endpoint allows anyone to renew near-expiration tokens indefinitely, further increasing the impact of this attack. \n\nThis issue has been fixed in version 5.24.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T06:59:29.045Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/06/CVE-2025-3930"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/strapi/strapi"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://strapi.io/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://strapi.io/blog/security-disclosure-of-vulnerabilities-cve-October-2025"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "Lack of JWT Expiration after Log Out in Strapi",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-3930",
    "datePublished": "2025-10-16T10:43:21.382Z",
    "dateReserved": "2025-04-25T06:46:23.142Z",
    "dateUpdated": "2025-10-22T06:59:29.045Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2596 (GCVE-0-2025-2596)

Vulnerability from cvelistv5 – Published: 2025-03-26 10:51 – Updated: 2025-03-26 17:36
VLAI
Title
Session logout can be overwritten by long lasting request
Summary
Session logout could be overwritten in Checkmk GmbH's Checkmk versions <2.3.0p30, <2.2.0p41, and 2.1.0p49 (EOL)
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
Vendor Product Version
Checkmk GmbH Checkmk Affected: 2.4.0 , < 2.4.0b2 (semver)
Affected: 2.3.0 , < 2.3.0p30 (semver)
Affected: 2.2.0 , < 2.2.0p41 (semver)
Affected: 2.1.0 , ≤ 2.1.0p50 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-26T17:35:52.786112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-26T17:36:08.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Checkmk",
          "vendor": "Checkmk GmbH",
          "versions": [
            {
              "lessThan": "2.4.0b2",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.3.0p30",
              "status": "affected",
              "version": "2.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.2.0p41",
              "status": "affected",
              "version": "2.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.1.0p50",
              "status": "affected",
              "version": "2.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Session logout could be overwritten in Checkmk GmbH\u0027s Checkmk versions \u003c2.3.0p30, \u003c2.2.0p41, and 2.1.0p49 (EOL)"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-26T10:51:16.285Z",
        "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
        "shortName": "Checkmk"
      },
      "references": [
        {
          "url": "https://checkmk.com/werk/17808"
        }
      ],
      "title": "Session logout can be overwritten by long lasting request"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f",
    "assignerShortName": "Checkmk",
    "cveId": "CVE-2025-2596",
    "datePublished": "2025-03-26T10:51:16.285Z",
    "dateReserved": "2025-03-21T10:07:46.468Z",
    "dateUpdated": "2025-03-26T17:36:08.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-2185 (GCVE-0-2025-2185)

Vulnerability from cvelistv5 – Published: 2025-04-24 23:22 – Updated: 2025-04-25 16:02
VLAI
Title
ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration
Summary
ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Credits
Khalid Markar, Parul Sindhwad & Dr. Faruk Kazi from CoE-CNDS Lab reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2185",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-25T15:38:52.881020Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-25T16:02:29.038Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Net.Time - PTP/NTP clock (Serial No. NBC0081P)",
          "vendor": "ALBEDO Telecom",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Khalid Markar, Parul Sindhwad \u0026 Dr. Faruk Kazi from CoE-CNDS Lab reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which\n could permit an attacker to transmit passwords over unencrypted \nconnections, resulting in the product becoming vulnerable to \ninterception."
            }
          ],
          "value": "ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which\n could permit an attacker to transmit passwords over unencrypted \nconnections, resulting in the product becoming vulnerable to \ninterception."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-24T23:22:35.146Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02"
        },
        {
          "url": "https://www.albedotelecom.com/contactus.php"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eALBEDO Telecom has identified the following mitigations users can apply to reduce risk:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eNet.Time - PTP/NTP clock (Serial No. NBC0081P) Software release 1.4.4: Update to v1.6.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more information, please \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.albedotelecom.com/contactus.php\"\u003econtact ALBEDO Telecom.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "ALBEDO Telecom has identified the following mitigations users can apply to reduce risk:\n\n\n\n  *  Net.Time - PTP/NTP clock (Serial No. NBC0081P) Software release 1.4.4: Update to v1.6.1\n\n\n\n\nFor more information, please  contact ALBEDO Telecom. https://www.albedotelecom.com/contactus.php"
        }
      ],
      "source": {
        "advisory": "ICSA-25-114-02",
        "discovery": "EXTERNAL"
      },
      "title": "ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-2185",
    "datePublished": "2025-04-24T23:22:35.146Z",
    "dateReserved": "2025-03-10T19:07:16.013Z",
    "dateUpdated": "2025-04-25T16:02:29.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-1968 (GCVE-0-2025-1968)

Vulnerability from cvelistv5 – Published: 2025-04-09 13:33 – Updated: 2026-02-26 18:28
VLAI
Summary
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
Impacted products
Vendor Product Version
Progress Software Corporation Sitefinity Affected: 14.0 , ≤ 14.3 (custom)
Affected: 14.4 , < 14.4.8145 (custom)
Affected: 15.0 , < 15.0.8231 (custom)
Affected: 15.1 , < 15.1.8332 (custom)
Affected: 15.2 , < 15.2.8429 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T03:55:30.253793Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:29.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Sitefinity",
          "vendor": "Progress Software Corporation",
          "versions": [
            {
              "lessThanOrEqual": "14.3",
              "status": "affected",
              "version": "14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.4.8145",
              "status": "affected",
              "version": "14.4",
              "versionType": "custom"
            },
            {
              "lessThan": "15.0.8231",
              "status": "affected",
              "version": "15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1.8332",
              "status": "affected",
              "version": "15.1",
              "versionType": "custom"
            },
            {
              "lessThan": "15.2.8429",
              "status": "affected",
              "version": "15.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).\u003cp\u003eThis issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.\u003c/p\u003e"
            }
          ],
          "value": "Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-60",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-60: Reusing Session IDs (Session Replay Attacks)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613: Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-09T13:33:31.450Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2025-1968-April-2025"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2025-1968",
    "datePublished": "2025-04-09T13:33:31.450Z",
    "dateReserved": "2025-03-04T17:18:25.818Z",
    "dateUpdated": "2026-02-26T18:28:29.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-1198 (GCVE-0-2025-1198)

Vulnerability from cvelistv5 – Published: 2025-02-13 00:55 – Updated: 2025-02-13 14:57
VLAI
Title
Insufficient Session Expiration in GitLab
Summary
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
URL Tags
https://gitlab.com/gitlab-org/gitlab/-/issues/511477 issue-trackingpermissions-required
Impacted products
Vendor Product Version
GitLab GitLab Affected: 16.11 , < 17.6.5 (semver)
Affected: 17.7 , < 17.7.4 (semver)
Affected: 17.8 , < 17.8.2 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
This vulnerability has been discovered internally by a GitLab team member [Dylan Griffith](https://gitlab.com/DylanGriffith).
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T14:57:14.620465Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-13T14:57:28.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "17.6.5",
              "status": "affected",
              "version": "16.11",
              "versionType": "semver"
            },
            {
              "lessThan": "17.7.4",
              "status": "affected",
              "version": "17.7",
              "versionType": "semver"
            },
            {
              "lessThan": "17.8.2",
              "status": "affected",
              "version": "17.8",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This vulnerability has been discovered internally by a GitLab team member [Dylan Griffith](https://gitlab.com/DylanGriffith)."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613: Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-13T00:55:50.295Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "GitLab Issue #511477",
          "tags": [
            "issue-tracking",
            "permissions-required"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/511477"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 17.6.5, 17.7.4, 17.8.2 or above."
        }
      ],
      "title": "Insufficient Session Expiration in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2025-1198",
    "datePublished": "2025-02-13T00:55:50.295Z",
    "dateReserved": "2025-02-10T16:02:02.388Z",
    "dateUpdated": "2025-02-13T14:57:28.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0138 (GCVE-0-2025-0138)

Vulnerability from cvelistv5 – Published: 2025-05-14 18:10 – Updated: 2025-06-23 15:09
VLAI
Title
Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface
Summary
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
Vendor Product Version
Palo Alto Networks Prisma Cloud Compute Edition Affected: 1 , < 34.01.129 (custom)
    cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:34.00.137:*:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.03.138:*:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.02.134:*:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.01.137:*:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.07.123:*:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.06.113:*:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.05.124:*:*:*:*:*:*:*
    cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.04.113:*:*:*:*:*:*:*
Create a notification for this product.
Palo Alto Networks Compute in Prisma Cloud Enterprise Edition Unaffected: All (custom)
Create a notification for this product.
Date Public
2025-05-14 16:00
Credits
Maciej Pypec of ING
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-14T19:44:48.071193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-14T19:45:01.477Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:34.00.137:*:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.03.138:*:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.02.134:*:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:33.01.137:*:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.07.123:*:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.06.113:*:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.05.124:*:*:*:*:*:*:*",
            "cpe:2.3:a:paloaltonetworks:prisma_cloud_compute_edition:32.04.113:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Prisma Cloud Compute Edition",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "changes": [
                {
                  "at": "34.01.129",
                  "status": "unaffected"
                }
              ],
              "lessThan": "34.01.129",
              "status": "affected",
              "version": "1",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Compute in Prisma Cloud Enterprise Edition",
          "vendor": "Palo Alto Networks",
          "versions": [
            {
              "status": "unaffected",
              "version": "All",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo special configuration is required to be affected by this issue.\u003c/p\u003e"
            }
          ],
          "value": "No special configuration is required to be affected by this issue."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maciej Pypec of ING"
        }
      ],
      "datePublic": "2025-05-14T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWeb sessions in the web interface of Palo Alto Networks Prisma\u00ae Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.\u003c/p\u003eCompute in Prisma Cloud Enterprise Edition is not affected by this issue."
            }
          ],
          "value": "Web sessions in the web interface of Palo Alto Networks Prisma\u00ae Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access.\n\nCompute in Prisma Cloud Enterprise Edition is not affected by this issue."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
            }
          ],
          "value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114 Authentication Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 2,
            "baseSeverity": "LOW",
            "privilegesRequired": "LOW",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-23T15:09:31.123Z",
        "orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
        "shortName": "palo_alto"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2025-0138"
        }
      ],
      "solutions": [
        {
          "lang": "eng",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue is fixed in Prisma Cloud Compute Edition 34.01.129, and all later Prisma Cloud Compute Edition versions."
            }
          ],
          "value": "This issue is fixed in Prisma Cloud Compute Edition 34.01.129, and all later Prisma Cloud Compute Edition versions."
        }
      ],
      "source": {
        "defect": [
          "CWP-62541"
        ],
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-14T16:00:00.000Z",
          "value": "Initial Publication"
        }
      ],
      "title": "Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNo workaround or mitigation is available.\u003c/p\u003e"
            }
          ],
          "value": "No workaround or mitigation is available."
        }
      ],
      "x_affectedList": [
        "Prisma Cloud Compute Edition   34.00.0",
        "Prisma Cloud Compute Edition   34.00.1",
        "Prisma Cloud Compute Edition   34.00.2",
        "Prisma Cloud Compute Edition   34.00.3",
        "Prisma Cloud Compute Edition   34.00.4",
        "Prisma Cloud Compute Edition   34.00.5",
        "Prisma Cloud Compute Edition   34.00.6",
        "Prisma Cloud Compute Edition   34.00.7",
        "Prisma Cloud Compute Edition   34.00.8",
        "Prisma Cloud Compute Edition   34.00.9",
        "Prisma Cloud Compute Edition   34.00.10",
        "Prisma Cloud Compute Edition   34.00.11",
        "Prisma Cloud Compute Edition   34.00.12",
        "Prisma Cloud Compute Edition   34.00.13",
        "Prisma Cloud Compute Edition   34.00.14",
        "Prisma Cloud Compute Edition   34.00.15",
        "Prisma Cloud Compute Edition   34.00.16",
        "Prisma Cloud Compute Edition   34.00.17",
        "Prisma Cloud Compute Edition   34.00.18",
        "Prisma Cloud Compute Edition   34.00.19",
        "Prisma Cloud Compute Edition   34.00.20",
        "Prisma Cloud Compute Edition   34.00.21",
        "Prisma Cloud Compute Edition   34.00.22",
        "Prisma Cloud Compute Edition   34.00.23",
        "Prisma Cloud Compute Edition   34.00.24",
        "Prisma Cloud Compute Edition   34.00.25",
        "Prisma Cloud Compute Edition   34.00.26",
        "Prisma Cloud Compute Edition   34.00.27",
        "Prisma Cloud Compute Edition   34.00.28",
        "Prisma Cloud Compute Edition   34.00.29",
        "Prisma Cloud Compute Edition   34.00.30",
        "Prisma Cloud Compute Edition   34.00.31",
        "Prisma Cloud Compute Edition   34.00.32",
        "Prisma Cloud Compute Edition   34.00.33",
        "Prisma Cloud Compute Edition   34.00.34",
        "Prisma Cloud Compute Edition   34.00.35",
        "Prisma Cloud Compute Edition   34.00.36",
        "Prisma Cloud Compute Edition   34.00.37",
        "Prisma Cloud Compute Edition   34.00.38",
        "Prisma Cloud Compute Edition   34.00.39",
        "Prisma Cloud Compute Edition   34.00.40",
        "Prisma Cloud Compute Edition   34.00.41",
        "Prisma Cloud Compute Edition   34.00.42",
        "Prisma Cloud Compute Edition   34.00.43",
        "Prisma Cloud Compute Edition   34.00.44",
        "Prisma Cloud Compute Edition   34.00.45",
        "Prisma Cloud Compute Edition   34.00.46",
        "Prisma Cloud Compute Edition   34.00.47",
        "Prisma Cloud Compute Edition   34.00.48",
        "Prisma Cloud Compute Edition   34.00.49",
        "Prisma Cloud Compute Edition   34.00.50",
        "Prisma Cloud Compute Edition   34.00.51",
        "Prisma Cloud Compute Edition   34.00.52",
        "Prisma Cloud Compute Edition   34.00.53",
        "Prisma Cloud Compute Edition   34.00.54",
        "Prisma Cloud Compute Edition   34.00.55",
        "Prisma Cloud Compute Edition   34.00.56",
        "Prisma Cloud Compute Edition   34.00.57",
        "Prisma Cloud Compute Edition   34.00.58",
        "Prisma Cloud Compute Edition   34.00.59",
        "Prisma Cloud Compute Edition   34.00.60",
        "Prisma Cloud Compute Edition   34.00.61",
        "Prisma Cloud Compute Edition   34.00.62",
        "Prisma Cloud Compute Edition   34.00.63",
        "Prisma Cloud Compute Edition   34.00.64",
        "Prisma Cloud Compute Edition   34.00.65",
        "Prisma Cloud Compute Edition   34.00.66",
        "Prisma Cloud Compute Edition   34.00.67",
        "Prisma Cloud Compute Edition   34.00.68",
        "Prisma Cloud Compute Edition   34.00.69",
        "Prisma Cloud Compute Edition   34.00.70",
        "Prisma Cloud Compute Edition   34.00.71",
        "Prisma Cloud Compute Edition   34.00.72",
        "Prisma Cloud Compute Edition   34.00.73",
        "Prisma Cloud Compute Edition   34.00.74",
        "Prisma Cloud Compute Edition   34.00.75",
        "Prisma Cloud Compute Edition   34.00.76",
        "Prisma Cloud Compute Edition   34.00.77",
        "Prisma Cloud Compute Edition   34.00.78",
        "Prisma Cloud Compute Edition   34.00.79",
        "Prisma Cloud Compute Edition   34.00.80",
        "Prisma Cloud Compute Edition   34.00.81",
        "Prisma Cloud Compute Edition   34.00.82",
        "Prisma Cloud Compute Edition   34.00.83",
        "Prisma Cloud Compute Edition   34.00.84",
        "Prisma Cloud Compute Edition   34.00.85",
        "Prisma Cloud Compute Edition   34.00.86",
        "Prisma Cloud Compute Edition   34.00.87",
        "Prisma Cloud Compute Edition   34.00.88",
        "Prisma Cloud Compute Edition   34.00.89",
        "Prisma Cloud Compute Edition   34.00.90",
        "Prisma Cloud Compute Edition   34.00.91",
        "Prisma Cloud Compute Edition   34.00.92",
        "Prisma Cloud Compute Edition   34.00.93",
        "Prisma Cloud Compute Edition   34.00.94",
        "Prisma Cloud Compute Edition   34.00.95",
        "Prisma Cloud Compute Edition   34.00.96",
        "Prisma Cloud Compute Edition   34.00.97",
        "Prisma Cloud Compute Edition   34.00.98",
        "Prisma Cloud Compute Edition   34.00.99",
        "Prisma Cloud Compute Edition   34.00.100",
        "Prisma Cloud Compute Edition   34.00.101",
        "Prisma Cloud Compute Edition   34.00.102",
        "Prisma Cloud Compute Edition   34.00.103",
        "Prisma Cloud Compute Edition   34.00.104",
        "Prisma Cloud Compute Edition   34.00.105",
        "Prisma Cloud Compute Edition   34.00.106",
        "Prisma Cloud Compute Edition   34.00.107",
        "Prisma Cloud Compute Edition   34.00.108",
        "Prisma Cloud Compute Edition   34.00.109",
        "Prisma Cloud Compute Edition   34.00.110",
        "Prisma Cloud Compute Edition   34.00.111",
        "Prisma Cloud Compute Edition   34.00.112",
        "Prisma Cloud Compute Edition   34.00.113",
        "Prisma Cloud Compute Edition   34.00.114",
        "Prisma Cloud Compute Edition   34.00.115",
        "Prisma Cloud Compute Edition   34.00.116",
        "Prisma Cloud Compute Edition   34.00.117",
        "Prisma Cloud Compute Edition   34.00.118",
        "Prisma Cloud Compute Edition   34.00.119",
        "Prisma Cloud Compute Edition   34.00.120",
        "Prisma Cloud Compute Edition   34.00.121",
        "Prisma Cloud Compute Edition   34.00.122",
        "Prisma Cloud Compute Edition   34.00.123",
        "Prisma Cloud Compute Edition   34.00.124",
        "Prisma Cloud Compute Edition   34.00.125",
        "Prisma Cloud Compute Edition   34.00.126",
        "Prisma Cloud Compute Edition   34.00.127",
        "Prisma Cloud Compute Edition   34.00.128",
        "Prisma Cloud Compute Edition   34.00.129",
        "Prisma Cloud Compute Edition   34.00.130",
        "Prisma Cloud Compute Edition   34.00.131",
        "Prisma Cloud Compute Edition   34.00.132",
        "Prisma Cloud Compute Edition   34.00.133",
        "Prisma Cloud Compute Edition   34.00.134",
        "Prisma Cloud Compute Edition   34.00.135",
        "Prisma Cloud Compute Edition   34.00.136",
        "Prisma Cloud Compute Edition   34.00.137",
        "Prisma Cloud Compute Edition   34.00.138",
        "Prisma Cloud Compute Edition   34.00.139",
        "Prisma Cloud Compute Edition   34.00.140"
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
    "assignerShortName": "palo_alto",
    "cveId": "CVE-2025-0138",
    "datePublished": "2025-05-14T18:10:16.979Z",
    "dateReserved": "2024-12-20T23:24:41.254Z",
    "dateUpdated": "2025-06-23T15:09:31.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

Set sessions/credentials expiration date.

No CAPEC attack patterns related to this CWE.