CVE-2025-24896

Summary

CVE-2025-24896 affects the Misskey open source social media platform, where a login token named "token" is stored in a cookie after logout in the Bull Dashboard. This vulnerability, present in versions 12.109.0 and prior to 2025.2.0-alpha.0, can put users at risk, particularly those using public PCs or lending their devices to others. The token remains active even after logout, potentially granting unauthorized access to an account. Version 2025.2.0-alpha.0 includes a fix for this issue, mitigating the risk for affected users.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.