CVE-2025-64762
中文标题:
(暂无数据)
英文标题:
authkit-nextjs may let session cookies be cached in CDNs
漏洞描述
中文描述:
(暂无数据)
英文描述:
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications deployed on Vercel are unaffected unless they manually enable CDN caching by setting cache headers on authenticated paths. Patched in authkit-nextjs 2.11.1, which applies anti-caching headers to all responses behind authentication.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| workos | authkit-nextjs | < 2.11.1 | - | - |
cpe:2.3:a:workos:authkit-nextjs:<_2.11.1:*:*:*:*:*:*:*
|
| workos | authkit-nextjs | * | - | - |
cpe:2.3:a:workos:authkit-nextjs:*:*:*:*:*:node.js:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
CVSS评分详情
4.0 (cna)
HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-64762 |
2025-11-25 02:04:32 | 2026-01-12 02:12:20 |
| NVD | nvd_CVE-2025-64762 |
2025-12-12 03:21:45 | 2026-01-12 02:28:01 |
版本与语言
安全公告
变更历史
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']