CVE-2025-53886 – Directus Session Hijacking Vulnerability

July 15, 2025

CVE ID : CVE-2025-53886

Published : July 15, 2025, 12:15 a.m. | 2 hours, 36 minutes ago

Description : Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them triggering the Flow. Version 11.9.0 fixes the issue.

Severity: 4.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-53887 – Directus OpenAPI Spec Version Disclosure

Next Article CVE-2025-53839 – DRACOON Branding Service Cross-Site Scripting Vulnerability

Twilio’s Event Triggered Journeys, OutSystem’s Agent Workbench, and more – Daily News Digest

Harness Infrastructure as Code Management expands with features that facilitate better reusability

Akka introduces platform for distributed agentic AI

Design Patterns For AI Interfaces

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

“A future has been stolen from many of us” — ZeniMax Online Studios devs will reportedly soon be hit by Microsoft’s Xbox layoffs after the MMO Phil Spencer loved was cancelled

The details of TC39’s last meeting

The details of TC39’s last meeting

How Agentic AI is Reshaping Marketing and CX Operations

We’re Moving! NodeSource Distributions Now Have a New Home – With Extended Support

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Xbox Cloud Gaming is getting next-gen treatment too — here’s what we expect to see in the coming months and years for cloud gamers ☁️

Windows 7 running natively on a Steam Deck is an affront to science — this tinkerer has Microsoft’s OS booting in portrait mode

“Everybody’s jobs will be affected” — but NVIDIA’s CEO believes society can think its way out of AI-related job loss

CVE-2025-53886 – Directus Session Hijacking Vulnerability

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

Part 3: Building an AI-powered assistant for investment research with multi-agent collaboration in Amazon Bedrock and Amazon Bedrock Data Automation

Interaction design concepts

CVE-2021-4455 – “WordPress Smart Product Review Plugin File Upload Vulnerability”

Anthropic’s new AI models for classified info are already in use by US gov

Unlearning or Obfuscating? Jogging the Memory of Unlearned LLMs via Benign Relearning

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Microsoft will add the Calendar Flyout Clock to Windows 11’s Notification Center

Cyberpunk: Edgerunners 2 is bringing another season of the excellent animated series — I couldn’t be more excited

CVE-2025-53886 – Directus Session Hijacking Vulnerability

Related Posts