CVE-2025-59335

High CVSS: 7.1

CubeCart is an ecommerce software solution. Prior to version 6.5.11, sessions are not automatically expired when a user changes their password. This poses a security risk: if a user forgets to log out from a location where they accessed their account, an unauthorized user can maintain access even after the password has been changed. Because of this bug, if an account has already been compromised, the legitimate user has no way to revoke the attacker's access. The malicious actor retains full access to the account until their session naturally expires, so the account remains insecure even after the password has been changed. This issue has been patched in version 6.5.11.
Vendor: Cubecart
Product: Cubecart
CWE: CWE-613
Published: 2025-09-22 17:16:08
Updated: 2025-09-23 16:51:42
Source Identifier: security-advisories@github.com
KEV Date Added: -
