Memory Vulnerability in Couch-Auth by Perfood
CVE-2025-60794

Currently unrated

Key Information:

Vendor: Perfood
Status: Couch-Auth
Vendor: CVE Published:; 20 November 2025

What is CVE-2025-60794?

A vulnerability in Couch-Auth version 0.21.2 allows session tokens and passwords to be stored in JavaScript objects that remain in memory without proper removal. This oversight poses a risk as these sensitive credentials may be accessible through memory analyses, utilizing tools such as memory dumps or debugging techniques. As a result, attackers can exploit this vulnerability to gain unauthorized access to user sessions, thereby compromising security.

References

https://www.npmjs.com/package/@perfood/couch-auth

https://github.com/perfood/couch-auth

https://github.com/pr0wl1ng/security-advisories/blob/main...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 20, 2025
Vulnerability Reserved
Sep 26, 2025

JSON