CVE-2025-24973
CVSS 3.1 Score 9.3 of 10 (high)
Details
Summary
CVE-2025-24973 is a vulnerability affecting the Concorde microblogging platform, previously known as Nexkey, before version 12.25Q1.1. This issue arises from an inadequately implemented logout process, resulting in authentication credentials being retained in cookies even after a user has logged out. An attacker could potentially exploit this flaw to steal authentication tokens, posing a severe risk if an admin user has accessed the platform on a shared device. Users who have logged in on such devices are advised to regenerate their login tokens via the Security settings. The vulnerability is resolved in version 12.25Q1.1, and as a temporary measure, users can clear their cookies and site data in their browsers after logging out.
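A way to check a deployment for the behaviour described in the summary, as an added example that is not Concorde's code or part of the advisory: it replays the `Set-Cookie` headers of a login and a logout response into a cookie jar and reports credential cookies the logout leaves behind. The cookie names, values and header sets are constructed, and it assumes credentials are delivered through `Set-Cookie` response headers with a default Path of `/`.

```javascript
// Parse one Set-Cookie header value. Assumes a default Path of "/" (a browser
// derives the real default from the request URL).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/", domain: "" };
  let maxAge = null, expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const k = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const v = i === -1 ? "" : attr.slice(i + 1);
    if (k === "path") c.path = v || "/";
    else if (k === "domain") c.domain = v.replace(/^\./, "").toLowerCase();
    else if (k === "max-age") maxAge = Number(v);
    else if (k === "expires") expires = Date.parse(v);
  }
  // Max-Age takes precedence over Expires when both are present.
  c.expired = maxAge !== null ? maxAge <= 0 : expires !== null && expires <= Date.now();
  return c;
}

// A stored cookie is replaced or deleted only when name, domain and path all match.
const jarKey = (c) => `${c.name}|${c.domain}|${c.path}`;

// Replay login then logout headers into a jar; return non-empty cookies left over.
function cookiesSurvivingLogout(loginHeaders, logoutHeaders) {
  const jar = new Map();
  for (const h of [...loginHeaders, ...logoutHeaders]) {
    const c = parseSetCookie(h);
    if (c.expired) jar.delete(jarKey(c));
    else jar.set(jarKey(c), c);
  }
  return [...jar.values()].filter((c) => c.value !== "").map((c) => `${c.name} (path=${c.path})`);
}

// Constructed sample responses (cookie names and values are made up for this example).
const LOGIN = [
  "token=EXAMPLE-TOKEN; Path=/; HttpOnly; Secure; SameSite=Lax",
  "session=EXAMPLE-SESSION; Path=/api; HttpOnly; Secure",
];
// Incomplete logout: never clears "token", and clears "session" on the wrong Path.
const INCOMPLETE_LOGOUT = ["session=; Path=/; Max-Age=0"];
// Complete logout: expires each cookie with the Path it was set with.
const COMPLETE_LOGOUT = [
  "token=; Path=/; Max-Age=0",
  "session=; Path=/api; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
];

console.log(cookiesSurvivingLogout(LOGIN, INCOMPLETE_LOGOUT), cookiesSurvivingLogout(LOGIN, COMPLETE_LOGOUT));
```

An empty result from `cookiesSurvivingLogout` means every cookie set at login was expired with a matching name, domain and path.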
Affected Products
- Concorde