- Description
- Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker to steal authentication tokens. This could have devastating consequences if a user with admin privileges is (or was) using a shared device. Users who have logged in on a shared device should go to Settings > Security and regenerate their login tokens. Version 12.25Q1.1 fixes the issue. As a workaround, clear cookies and site data in the browser after logging out.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 6
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-613
[CVE-2025-24973: CRITICAL] Concorde, a fork of the Misskey microblogging platform, had a cyber security vulnerability in previous versions, allowing attackers to steal authentication tokens. Update to version 12....#cybersecurity,#vulnerability https://t.co/Y6H0MzrzLy https://t.c
@CveFindCom
11 Feb 2025
CVE-2025-24973 Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the log… https://t.co/Wv93uZB67i
@CVEnew
11 Feb 2025