Authentication Artifact Exposure in Remix by WorkOS
CVE-2025-55009

7.1HIGH

Key Information:

Vendor: Workos
Status: Authkit-remix
Vendor: CVE Published:; 9 August 2025

What is CVE-2025-55009?

The AuthKit library for Remix has a vulnerability in versions prior to 0.15.0, where sensitive authentication artifacts, including sealedSession and accessToken, are unintentionally exposed in the browser's HTML. This could lead to unauthorized access, as malicious actors could exploit these artifacts to hijack user sessions. It's crucial for developers to update to the latest version to mitigate this risk and protect user data from potential breaches.

Affected Version(s)

authkit-remix < 0.15.0

References

https://github.com/workos/authkit-remix/security/advisori...

x_refsource_CONFIRM

https://github.com/workos/authkit-remix/commit/20102afc74...

x_refsource_MISC

https://github.com/workos/authkit-remix/releases/tag/v0.15.0

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2025
Vulnerability Reserved
Aug 4, 2025

Workos

What is CVE-2025-55009?

Affected Version(s)

References

CVSS V3.1

Timeline