CVE-2025-24973
📋 TL;DR
This vulnerability in Concorde (formerly Nexkey) allows authentication credentials to persist in cookies after logout, enabling attackers to steal authentication tokens. This primarily affects users on shared devices, especially administrators whose compromised tokens could lead to full system compromise. All users of affected versions are vulnerable until they patch or implement workarounds.
💻 Affected Systems
- Concorde (formerly Nexkey)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains persistent access to an administrator account, leading to complete system takeover, data exfiltration, or deployment of additional malware.
Likely Case
Unauthorized access to user accounts on shared devices, potentially leading to data theft, privilege escalation, or account misuse.
If Mitigated
Limited impact with proper session management, regular token rotation, and device segregation.
🎯 Exploit Status
Exploitation requires access to the user's browser or device after logout. No authentication needed beyond physical/remote access to the device.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.25Q1.1
Vendor Advisory: https://github.com/nexryai/concorde/security/advisories/GHSA-2369-p2wh-7cc2
Restart Required: Yes
Instructions:
1. Back up your instance.
2. Update to version 12.25Q1.1 via git pull or package manager.
3. Restart the Concorde service.
4. Verify the fix by checking the version.
🔧 Temporary Workarounds
Clear Browser Cookies
Manually clear cookies and site data in the browser after logging out to remove persistent authentication tokens.
Regenerate Login Tokens
Users on shared devices should regenerate their login tokens via Settings > Security.
🧯 If You Can't Patch
- Enforce mandatory browser cookie clearing policies for all users after logout.
- Implement strict access controls and monitoring for shared devices, especially for administrative accounts.
🔍 How to Verify
Check if Vulnerable:
Check if your Concorde version is below 12.25Q1.1. Log out and inspect browser cookies for persistent authentication tokens.
Check Version:
Check the version in the Concorde admin panel or via the instance's API endpoint.
Verify Fix Applied:
After updating to 12.25Q1.1, verify that authentication cookies are properly cleared upon logout.
📡 Detection & Monitoring
Log Indicators:
- Unusual login patterns from previously logged-out sessions
- Multiple authentication attempts from the same token
Network Indicators:
- Suspicious API calls using old authentication tokens
SIEM Query:
Search for authentication events where session tokens are reused after logout events.
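As an added example (not part of this advisory or of the Concorde project), the reuse check described above run over a constructed JSON-lines log; the field names and the event vocabulary (login, logout, api_call) are assumptions about what an instance's logging would provide:

```python
import json
from datetime import datetime

# Constructed sample log (one JSON record per line); not real Concorde output.
# "token" is an opaque identifier for the session credential, e.g. its hash.
SAMPLE_LOG = """\
{"ts":"2025-03-01T09:00:00Z","event":"login","user":"admin","token":"tokA"}
{"ts":"2025-03-01T09:05:00Z","event":"api_call","user":"admin","token":"tokA","path":"/api/i"}
{"ts":"2025-03-01T09:10:00Z","event":"logout","user":"admin","token":"tokA"}
{"ts":"2025-03-01T09:20:00Z","event":"api_call","user":"admin","token":"tokA","path":"/api/admin/meta"}
{"ts":"2025-03-01T09:25:00Z","event":"api_call","user":"admin","token":"tokA","path":"/api/i"}
{"ts":"2025-03-01T10:00:00Z","event":"login","user":"alice","token":"tokB"}
{"ts":"2025-03-01T10:30:00Z","event":"logout","user":"alice","token":"tokB"}
{"ts":"2025-03-01T11:00:00Z","event":"login","user":"alice","token":"tokB"}
{"ts":"2025-03-01T11:01:00Z","event":"api_call","user":"alice","token":"tokB","path":"/api/i"}
"""


def parse_log(text):
    """Parse JSON-lines into records sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
            events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def find_token_reuse(events):
    """One finding per token that keeps making API calls after its logout.

    A later login with the same token re-authorises it: the tokens here are
    long-lived, so a legitimate re-login may hand back the same value.
    """
    logged_out = {}   # token -> timestamp of the most recent logout
    findings = {}     # token -> {"user", "logout_at", "calls"}
    for rec in events:
        tok = rec["token"]
        if rec["event"] == "logout":
            logged_out[tok] = rec["ts"]
        elif rec["event"] == "login":
            logged_out.pop(tok, None)
        elif rec["event"] == "api_call" and tok in logged_out:
            f = findings.setdefault(tok, {"user": rec["user"],
                                          "logout_at": logged_out[tok], "calls": []})
            f["calls"].append((rec["ts"].isoformat(), rec["path"]))
    return list(findings.values())


for f in find_token_reuse(parse_log(SAMPLE_LOG)):
    print(f"{f['user']}: {len(f['calls'])} call(s) after logout at {f['logout_at']}")
```

Only the admin token is flagged: alice's token is used again only after a fresh login, which the check treats as re-authorisation.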