Insufficient Session Expiration vulnerability in ash-project ashauthenticationphoenix allows Session Hijacking. This vulnerability is associated with program files lib/ashauthenticationphoenix/controller.ex.
This issue affects ashauthenticationphoenix until 2.10.0.
{
"cwe_ids": [
"CWE-613"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/4xxx/CVE-2025-4754.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "a3253fb4fc7145aeb403537af1c24d3a8d51ffb1"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "EEF"
}