CVE-2025-4754 – Ash-Project Phoenix Session Hijacking

June 17, 2025

CVE ID : CVE-2025-4754

Published : June 17, 2025, 3:15 p.m. | 3 hours, 11 minutes ago

Description : Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex.

This issue affects ash_authentication_phoenix until 2.10.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6196 – Libgepub EPUB File Processing Memory Corruption

Next Article CVE-2025-49875 – IfSo Dynamic Content Personalization Cross-site Scripting (XSS)

Highlights

CVE-2025-25209 – Red Hat Connectivity Link Information Disclosure Vulnerability

June 9, 2025

CVE ID : CVE-2025-25209

Published : June 9, 2025, 6:15 a.m. | 3 hours, 23 minutes ago

Description : The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-4754 – Ash-Project Phoenix Session Hijacking

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

CVE-2025-5378 – Astun Technology iShare Maps Cross-Site Scripting Vulnerability

TravelerOS – Linux distribution built for USB drives

CVE-2025-45618 – Jeeweb Mybatis Springboot Unauthenticated Information Disclosure

Understanding the code modernization conundrum

CVE-2025-25209 – Red Hat Connectivity Link Information Disclosure Vulnerability

Parse Localized Numbers with Laravel’s Number Class

Building Trust and Shaping the Future: Implementing Responsible AI – Part 2

Cisco IMC Vulnerability Attackers to Access Internal Services with Elevated Privileges

CVE-2025-4754 – Ash-Project Phoenix Session Hijacking

Related Posts