Session Management Flaw in HAXcms Backends by HAX The Web
CVE-2025-53642

4.8MEDIUM

Key Information:

Vendor: Haxtheweb
Status: Issues
Vendor: CVE Published:; 11 July 2025

What is CVE-2025-53642?

The HAXcms backends, specifically haxcms-nodejs and haxcms-php, exhibit a critical flaw in their user logout functionality. The application fails to properly terminate user sessions or clear cookies upon logout, which could leave user data exposed. Furthermore, it inadvertently issues a refresh token during the logout process. This issue poses significant risks, potentially allowing unauthorized access to user accounts after logging out. The vulnerability has been addressed in version 11.0.6 of the software.

Affected Version(s)

issues < 11.0.6

References

https://github.com/haxtheweb/issues/security/advisories/G...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2025
Vulnerability Reserved
Jul 7, 2025

Haxtheweb

What is CVE-2025-53642?

Affected Version(s)

References

CVSS V3.1

Timeline