Session Integrity Flaw in Requarks Wiki.js Product by Requarks
CVE-2025-56643

9.1CRITICAL

Key Information:

Vendor: Requarks
Status: Wiki.js
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-56643?

Requarks Wiki.js version 2.5.307 contains a significant flaw in its session management system. When users log out, the application fails to properly revoke the active JSON Web Tokens (JWTs), allowing these tokens to remain valid and be reused for unauthorized access. The vulnerability primarily affects the authentication resolver and impacts the GraphQL endpoint as well as the logout process. Consequently, if a token is compromised, it can lead to unauthorized access to sensitive system components, undermining the integrity of user sessions.

References

https://github.com/0xBS0D27/CVE-2025-56643

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Aug 17, 2025

CVE-2025-56643 Data

JSON