CVE-2025-53642
- Source
- https://cve.org/CVERecord?id=CVE-2025-53642
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53642.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-53642
- Aliases
-
- GHSA-g4f5-5w5j-p5jg
- Published
- 2025-07-11T17:33:05.861Z
- Modified
- 2026-04-02T12:52:51.729101Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- haxcms-nodejs and haxcms-php Improperly Terminate Sessions
- Details
-
haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-613" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53642.json" }- References
Affected packages
Git / github.com/haxtheweb/haxcms-nodejs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/haxtheweb/haxcms-nodejs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "11.0.6" }, { "introduced": "0" }, { "fixed": "11.0.6" } ] }
Affected versions
10.*
10.0.0
v0.*
v0.0.10
v0.0.11
v0.0.12
v0.0.13
v0.0.14
v0.0.15
v0.0.16
v0.0.17
v0.0.18
v0.0.19
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v10.*
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v11.*
v11.0.0
v11.0.1
v11.0.2
v11.0.3
v11.0.4
v11.0.5
v9.*
v9.0.0
v9.0.0-alpha.0
v9.0.0-alpha.1
v9.0.1
v9.0.10
v9.0.11
v9.0.12
v9.0.13
v9.0.14
v9.0.15
v9.0.16
v9.0.17
v9.0.18
v9.0.19
v9.0.2
v9.0.20
v9.0.21
v9.0.3
v9.0.4
v9.0.5
v9.0.6
v9.0.7
v9.0.8
v9.0.9