QwikSec

Security Database

CVE

CWE

Training

CVE-2025-4754

Published: Jun 17, 2025

Modified: May 27, 2026

PUBLISHED

Description

Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0.

Vendor	Product	Versions
ash-project	ash_authentication_phoenix	affected `0 - < 2.10.0`
ash-project	ash_authentication_phoenix	affected `0 - < a3253fb4fc7145aeb403537af1c24d3a8d51ffb1`

Weaknesses (CWE)

References

https://github.com/team-alembic/ash_authentication_phoenix/security/advisories/GHSA-f7gq-h8jv-h3cq

vendor-advisory

related

https://cna.erlef.org/cves/CVE-2025-4754.html

related

https://osv.dev/vulnerability/EEF-CVE-2025-4754

related

https://github.com/team-alembic/ash_authentication_phoenix/pull/634

patch

https://github.com/team-alembic/ash_authentication_phoenix/commit/a3253fb4fc7145aeb403537af1c24d3a8d51ffb1

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.