Memory Vulnerability in Couch-Auth by Perfood
CVE-2025-60794

6.5MEDIUM

Key Information:

Vendor: Perfood
Status: Couch-Auth
Vendor: CVE Published:; 20 November 2025

Badges

📰 News Worthy

What is CVE-2025-60794?

A vulnerability in Couch-Auth version 0.21.2 allows session tokens and passwords to be stored in JavaScript objects that remain in memory without proper removal. This oversight poses a risk as these sensitive credentials may be accessible through memory analyses, utilizing tools such as memory dumps or debugging techniques. As a result, attackers can exploit this vulnerability to gain unauthorized access to user sessions, thereby compromising security.

News Articles

wiz.io

CVE-2025-60794

CVE-2025-60794 Impact, Exploitability, and Mitigation Steps | Wiz

Understand the critical aspects of CVE-2025-60794 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.

References

https://www.npmjs.com/package/@perfood/couch-auth

https://github.com/perfood/couch-auth

https://github.com/pr0wl1ng/security-advisories/blob/main...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by wiz.io
Nov 28, 2025
Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Sep 26, 2025

CVE-2025-60794 Data

JSON