How severe is CVE-2025-48061?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2025-48061?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2025-48061

MEDIUM Year: 2025

CVSS v3 Score

5.6

Medium

Weakness Type

CWE-613

View all →

Vulnerability Description

wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does not happen when the user is logged in as a temporary user by selecting "This is a public computer" during login or the user selects "Delete all your personal information and conversations on this device" upon logout. The underlying issue has been fixed with wire-webapp version 2025-05-20-production.0. As a workaround, this behavior can be prevented by either deleting all information upon logout as well as logging in as a temporary client.

CVE-2017-14007

MEDIUM

CVSS:5.6(Medium)

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing ...

CWE-6132017

CVE-2017-1693

MEDIUM

CVSS:5.6(Medium)

IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134...

CWE-6132017

CVE-2019-14826

MEDIUM

CVSS:5.6(Medium)

A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can...

CWE-6132019

CVE-2021-21031

MEDIUM

CVSS:5.6(Medium)

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation could lead to unauthorized access to restricted...

CWE-6132021

CVE-2021-21032

MEDIUM

CVSS:5.6(Medium)

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) do not adequately invalidate user sessions. Successful exploitation of this issue could lead to unauthorized access...

CWE-6132021

CVE-2021-38986

MEDIUM

CVSS:5.6(Medium)

IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 212942.

CWE-6132021

CVE-2025-48061

Vulnerability Description

Related Vulnerabilities

CVE-2017-14007

CVE-2017-1693

CVE-2019-14826

CVE-2021-21031

CVE-2021-21032

CVE-2021-38986