CWE-613 (不充分的会话过期机制) — Vulnerability Class 296

296 vulnerabilities classified as CWE-613 (不充分的会话过期机制). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-58437	Coder's privilege escalation vulnerability could lead to a cross workspace compromise — coder	8.1	High	2025-09-06
CVE-2025-58352	Weblate has long session expiry times during second factor verification — weblate	-	-^AI	2025-09-04
CVE-2025-55162	Envoy: oAuth2 Filter Signout route will not clear cookies because of missing "secure;" flag — envoy	6.3	Medium	2025-09-03
CVE-2025-4643	Lack of JWT Expiration after Log Out in PayloadCMS — Payload	9.1	-	2025-08-29
CVE-2024-41985	Siemens多款产品代码问题漏洞 — SmartClient modules Opcenter QL Home (SC)	2.6	Low	2025-08-12
CVE-2025-36040	IBM Aspera Faspex session fixation — Aspera Faspex	6.5	Medium	2025-07-30
CVE-2025-31952	HCL iAutomate is affected by an insufficient session expiration — iAutomate	7.1	High	2025-07-24
CVE-2024-27779	Fortinet FortiSandbox和Fortinet FortiIsolator 代码问题漏洞 — FortiSandbox	6.3	Medium	2025-07-18
CVE-2025-53642	haxcms-nodejs and haxcms-php Improperly Terminate Sessions — issues	4.8	Medium	2025-07-11
CVE-2025-4407	Application does not invalidate session after password reset — Lite Panel Pro	6.7	Medium	2025-06-30
CVE-2025-49152	Insufficient Session Expiration in MICROSENS NMP Web+ — NMP Web+	9.8^AI	Critical^AI	2025-06-25
CVE-2025-4754	Missing Session Revocation on Logout in ash_authentication_phoenix — ash_authentication_phoenix	9.8^AI	Critical^AI	2025-06-17
CVE-2024-50562	Fortinet FortiOS SSL-VPN 代码问题漏洞 — FortiOS	4.4	Medium	2025-06-10
CVE-2025-25019	IBM QRadar Suite Software and IBM Cloud Pak for Security session fixation — QRadar Suite Software	4.8	Medium	2025-06-03
CVE-2025-33005	IBM Planning Analytics Local session fixation — Planning Analytics Local	6.3	Medium	2025-06-01
CVE-2025-48061	wire-webapp Has Insufficient Session Invalidation after User Logout — wire-webapp	5.6	Medium	2025-05-22
CVE-2025-0138	Prisma Cloud Compute Edition: Insufficient Session Expiration Vulnerability in the Web Interface — Prisma Cloud Compute Edition	9.4^AI	Critical^AI	2025-05-14
CVE-2025-40566	Siemens SIMATIC PCS neo 代码问题漏洞 — SIMATIC PCS neo V4.1	8.8	High	2025-05-13
CVE-2025-46741	Improper Privilege Management — SEL Blueframe OS	5.7	Medium	2025-05-12
CVE-2025-4528	Dígitro NGC Explorer session expiration — NGC Explorer	4.3	Medium	2025-05-11
CVE-2025-46815	ZITADEL Allows IdP Intent Token Reuse — zitadel	8.0	High	2025-05-06
CVE-2025-46344	Auth0 NextJS SDK v4 Missing Session Invalidation — nextjs-auth0	9.1^AI	Critical^AI	2025-04-29
CVE-2025-2185	ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration — Net.Time - PTP/NTP clock (Serial No. NBC0081P)	8.0	High	2025-04-24
CVE-2021-47663	Improper session handling — Franka Emika Robot	8.1	High	2025-04-24
CVE-2024-22351	IBM InfoSphere Information Server session fixation — InfoSphere Information Server	6.3	Medium	2025-04-23
CVE-2025-42602	Improper Authentication Vulnerability in Meon KYC solutions — KYC solutions	9.1	-	2025-04-23
CVE-2024-45651	IBM Sterling Connect:Direct Web Services session fixation — Sterling Connect:Direct Web Services	6.3	Medium	2025-04-18
CVE-2024-49825	IBM Robotic Process Automation session fixation — Robotic Process Automation	6.3	Medium	2025-04-14
CVE-2025-24859	Apache Roller: Insufficient Session Expiration on Password Change — Apache Roller	8.8^AI	High^AI	2025-04-14
CVE-2025-30516	Unauthorized Notification Exposure in Mobile App Under Specific Conditions — Mattermost	2.0	Low	2025-04-14

Vulnerabilities classified as CWE-613 (不充分的会话过期机制) represent 296 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-613 (不充分的会话过期机制) — Vulnerability Class 296