Vulnerability Database

309,364

Total vulnerabilities in the database

CVE-2025-4754

Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex.

This issue affects ash_authentication_phoenix until 2.10.0.

Published: Jun 17, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-4754
GHSA: GHSA-f7gq-h8jv-h3cq
Severity: Low
Exploit:

No technical information available.

CWEs:

CWE-613

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
ash_authentication_phoenix	-	2.10.0

https://github.com/team-alembic/ash_authentication_phoenix/commit/a3253fb4fc7145aeb403537af1c24d3a8d51ffb1
https://github.com/team-alembic/ash_authentication_phoenix/pull/634
https://github.com/team-alembic/ash_authentication_phoenix/security/advisories/GHSA-f7gq-h8jv-h3cq

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo