Session Management Flaw in HAXcms Backends by HAX The Web

CVE-2025-53642

What is CVE-2025-53642?

The HAXcms backends, specifically haxcms-nodejs and haxcms-php, exhibit a critical flaw in their user logout functionality. The application fails to properly terminate user sessions or clear cookies upon logout, which could leave user data exposed. Furthermore, it inadvertently issues a refresh token during the logout process. This issue poses significant risks, potentially allowing unauthorized access to user accounts after logging out. The vulnerability has been addressed in version 11.0.6 of the software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References