CVE-2025-55009
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.
| Software | From | Fixed in |
|---|---|---|
@workos-inc / authkit-remix
|
- | 0.15.0 |
- https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6
- https://github.com/workos/authkit-remix/releases/tag/v0.15.0
- https://github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx
- https://osv.dev/vulnerability/CVE-2025-55009
- https://osv.dev/vulnerability/GHSA-v3gr-w9gf-23cx
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime