CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/rack/rack-session/commit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b
https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g

Configurations

No configuration.

History

12 May 2025, 17:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-08 20:15

Updated : 2025-05-12 17:32

NVD link : CVE-2025-46336

Mitre link : CVE-2025-46336

CVE.ORG link : CVE-2025-46336

JSON object : View

Products Affected

No product.

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-613

Insufficient Session Expiration

{"id": "CVE-2025-46336", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.6}]}, "published": "2025-05-08T20:15:30.670", "references": [{"url": "https://github.com/rack/rack-session/commit/c28c4a8c1861d814e09f2ae48264ac4c40be2d3b", "source": "security-advisories@github.com"}, {"url": "https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj", "source": "security-advisories@github.com"}, {"url": "https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-367"}, {"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout. This issue has been patched in version 2.1.1."}, {"lang": "es", "value": "Rack::Session es una implementaci\u00f3n de gesti\u00f3n de sesiones para Rack. En versiones desde la 2.0.0 hasta anteriores a la 2.1.1, al usar el middleware Rack::Session::Pool, y siempre que el atacante pueda obtener una cookie de sesi\u00f3n (un problema ya grave), la sesi\u00f3n puede restaurarse si el atacante activa una solicitud de larga duraci\u00f3n (dentro de la misma sesi\u00f3n) junto al cierre de sesi\u00f3n del usuario, para as\u00ed conservar el acceso il\u00edcito incluso despu\u00e9s de que el usuario haya intentado cerrar sesi\u00f3n. Este problema se ha corregido en la versi\u00f3n 2.1.1."}], "lastModified": "2025-05-12T17:32:52.810", "sourceIdentifier": "security-advisories@github.com"}