How severe is CVE-2025-46336?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2025-46336?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2025-46336

MEDIUM Year: 2025

CVSS v3 Score

4.2

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.

CVE-2019-19537

MEDIUM

CVSS:4.2(Medium)

In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/c...

CWE-3622019

CVE-2020-10575

MEDIUM

CVSS:4.2(Medium)

An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or...

CWE-3622020

CVE-2020-14416

MEDIUM

CVSS:4.2(Medium)

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip...

CWE-3622020

CVE-2022-41848

MEDIUM

CVSS:4.2(Medium)

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, ...

CWE-3622022

CVE-2022-41849

MEDIUM

CVSS:4.2(Medium)

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a ...

CWE-3622022

CVE-2022-46174

MEDIUM

CVSS:4.2(Medium)

efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS...

CWE-3622022

CVE-2025-46336

Vulnerability Description

Related Vulnerabilities

CVE-2019-19537

CVE-2020-10575

CVE-2020-14416

CVE-2022-41848

CVE-2022-41849

CVE-2022-46174