CVE-2025-53642

4.8 MEDIUM

📋 TL;DR

HAXcms backends fail to properly terminate user sessions during logout, so a session cookie or token issued before logout remains valid afterwards and an attacker who holds one keeps access to the authenticated session. It affects all users of the haxcms-nodejs and haxcms-php backends before version 11.0.6.

💻 Affected Systems

Products:
  • haxcms-nodejs
  • haxcms-php
Versions: All versions before 11.0.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both Node.js and PHP implementations of HAXcms backends.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could maintain persistent access to compromised accounts, potentially leading to unauthorized content modification, data theft, or privilege escalation.

🟠 Likely Case

Session hijacking where attackers can access authenticated user sessions after logout, leading to unauthorized actions within the CMS.

🟢 If Mitigated

Limited impact with proper session management controls and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to a user session but is trivial once obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 11.0.6

Vendor Advisory: https://github.com/haxtheweb/issues/security/advisories/GHSA-g4f5-5w5j-p5jg

Restart Required: Yes

Instructions:

1. Update haxcms-nodejs or haxcms-php to version 11.0.6 or later.
2. Restart the application server.
3. Force all users to log out and log back in to invalidate existing sessions.

🔧 Temporary Workarounds

Manual Session Invalidation

Applies to: all

Implement custom session termination logic that clears all session cookies and tokens on logout.

🧯 If You Can't Patch

  • Implement strict session timeout policies and force periodic re-authentication
  • Monitor for unusual session activity and implement session revocation mechanisms

🔍 How to Verify

Check if Vulnerable:

Log out, then check whether session cookies or tokens issued before the logout are still accepted; if they are, the instance is vulnerable.

Check Version:

Check package.json for the haxcms-nodejs version, or composer.json for the haxcms-php version.

Verify Fix Applied:

Test logout functionality to ensure all session cookies and tokens are properly cleared.

📡 Detection & Monitoring

Log Indicators:

  • Successful authenticated requests carrying a session ID after a logout was recorded for that same session ID
  • Unusual session duration

Network Indicators:

  • Session cookies persisting after logout requests

SIEM Query:

session_id AFTER logout AND successful_authentication

(Pseudo-query: match successful_authentication events whose session_id also appears in an earlier logout event for the same session_id.)
