Description

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker to steal authentication tokens. This could have devastating consequences if a user with admin privileges is (or was) using a shared device. Users who have logged in on a shared device should go to Settings > Security and regenerate their login tokens. Version 12.25Q1.1 fixes the issue. As a workaround, clear cookies and site data in the browser after logging out.

INFO

Published Date :

2025-02-11T15:41:41.811Z

Last Modified :

2025-02-11T16:12:06.824Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-24973 vulnerability.

Vendors Products
Nexryai
  • Concorde
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24973.

URL Resource
https://github.com/nexryai/concorde/commit/1f6ac9b289906083b132e4f9667a31a60ef83e4e cve-icon cve-icon
https://github.com/nexryai/concorde/security/advisories/GHSA-2369-p2wh-7cc2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact