High Published: Aug 09, 2025 Modified: Aug 11, 2025

CVE-2025-55009

7.1 CVSS SCORE

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Description

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.

CVSS Vector Details

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability Low

Weaknesses (CWE)

CWE-200

References & External Links

https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6
https://github.com/workos/authkit-remix/releases/tag/v0.15.0
https://github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker