{"id":"CVE-2025-24896","summary":"Misskey allows token to remain valid in cookie after signing out","details":"Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named `token` is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary affected users will be users who have logged into Misskey using a public PC or someone else's device, but it's possible that users who have logged out of Misskey before lending their PC to someone else could also be affected. Version 2025.2.0-alpha.0 contains a fix for this issue.","aliases":["GHSA-w98m-j6hq-cwjm"],"modified":"2026-04-15T04:48:50.426813Z","published":"2025-02-11T15:14:09.305Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24896.json","cwe_ids":["CWE-613"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24896.json"},{"type":"ADVISORY","url":"https://github.com/misskey-dev/misskey/security/advisories/GHSA-w98m-j6hq-cwjm"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24896"},{"type":"FIX","url":"https://github.com/misskey-dev/misskey/commit/ba9f295ef2bf31cc90fa587e20b9a7655b7a1824"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/misskey-dev/misskey","events":[{"introduced":"0"},{"fixed":"ba9f295ef2bf31cc90fa587e20b9a7655b7a1824"}]},{"type":"GIT","repo":"https://github.com/syuilo/misskey","events":[{"introduced":"2375359d129b63988b0658f735e1d9c014c10d71"},{"last_affected":"87b9016dbe75573db52ee03bbc67315caf8bbe6a"}],"database_specific":{"versions":[{"introduced":"12.109.0"},{"last_affected":"2025.1.0"}]}}],"versions":["0.0.5018","0.0.5023","0.0.5030","0.0.5042","0.0.5051","0.0.5064","0.0.5074","0.0.5089","1.0.0","1.1.0","1.2.0","1.3.0","1.4.0","1.5.0","1.6.0","1.7.0","10.0.0","10.1.0","10.10.0","10.10.1","10.11.0","10.11.1","10.12.0","10.12.1","10.13.0","10.14.0","10.15.0","10.16.0","10.17.0","10.18.0","10.19.0","10.2.0","10.2.1","10.20.0","10.21.0","10.21.1","10.21.2","10.21.3","10.22.0","10.22.1","10.23.0","10.23.1","10.24.0","10.25.0","10.26.0","10.27.0","10.28.0","10.29.0","10.29.1","10.3.0","10.30.0","10.30.1","10.30.2","10.30.3","10.31.0","10.32.0","10.33.0","10.34.0","10.35.0","10.35.1","10.36.0","10.36.1","10.37.0","10.38.0","10.38.1","10.38.2","10.38.3","10.38.4","10.38.5","10.38.6","10.38.7","10.38.8","10.39.0","10.39.1","10.4.0","10.40.0","10.40.1","10.41.0","10.42.0","10.42.2","10.43.0","10.43.1","10.44.0","10.44.1","10.44.2","10.45.0","10.46.0","10.46.1","10.46.2","10.47.0","10.48.0","10.48.1","10.49.0","10.49.1","10.49.2","10.49.3","10.49.4","10.49.5","10.49.6","10.49.7","10.5.0","10.50.0","10.51.0","10.51.1","10.51.2","10.52.0","10.53.0","10.54.0","10.55.0","10.56.0","10.56.1","10.56.2","10.57.0","10.57.1","10.57.2","10.57.3","10.58.0","10.58.1","10.58.2","10.59.0","10.59.1","10.59.2","10.59.3","10.59.4","10.6.0","10.60.0","10.60.1","10.60.2","10.60.3","10.60.4","10.61.0","10.62.0","10.62.1","10.62.2","10.63.0","10.63.1","10.64.0","10.64.1","10.64.2","10.65.0","10.66.0","10.66.1","10.66.2","10.67.0","10.68.0","10.69.0","10.7.0","10.7.1","10.7.2","10.70.0","10.70.1","10.71.0","10.72.0","10.73.0","10.74.0","10.75.0","10.76.0","10.77.0","10.78.0","10.78.1","10.78.2","10.78.3","10.78.4","10.78.5","10.79.0","10.79.1","10.8.0","10.80.0","10.81.0","10.82.0","10.82.1","10.82.2","10.82.3","10.82.4","10.83.0","10.84.0","10.84.1","10.84.2","10.85.0","10.85.1","10.85.2","10.86.0","10.86.1","10.86.2","10.87.0","10.87.1","10.87.2","10.87.3","10.87.4","10.87.5","10.88.0","10.89.0","10.89.1","10.9.0","10.9.1","10.9.2","10.90.0","10.90.1","10.90.2","10.90.3","10.90.4","10.91.0","10.91.1","10.91.2","10.92.0","10.92.1","10.92.2","10.92.3","10.92.4","10.93.0","10.93.1","10.94.0","10.95.0","10.96.0","10.97.0","10.97.1","10.97.2","10.98.0","10.98.1","10.98.2","10.98.3","10.99.0","11.0.0-alpha.1","11.0.0-alpha.10","11.0.0-alpha.2","11.0.0-alpha.3","11.0.0-alpha.4","11.0.0-alpha.5","11.0.0-alpha.6","11.0.0-alpha.7","11.0.0-alpha.8","11.0.0-beta.1","11.0.0-beta.10","11.0.0-beta.11","11.0.0-beta.12","11.0.0-beta.13","11.0.0-beta.14","11.0.0-beta.15","11.0.0-beta.16","11.0.0-beta.2","11.0.0-beta.3","11.0.0-beta.4","11.0.0-beta.5","11.0.0-beta.6","11.0.0-beta.7","11.0.0-beta.8","11.0.0-beta.9","11.26.1","11.26.2","11.27.0","11.27.1","11.28.0","11.28.1","11.28.2","11.29.0","11.30.0","11.31.0","11.31.1","11.31.2","11.31.3","11.31.4","11.32.0","11.33.0","11.34.0","11.35.0","11.35.1","11.36.0","11.37.0","11.37.1","12.0.0","12.1.0","12.10.0","12.11.0","12.12.0","12.13.0","12.14.0","12.15.0","12.16.0","12.17.0","12.18.0","12.18.1","12.19.0","12.2.0","12.20.0","12.21.0","12.29.0","12.3.0","12.30.0","12.31.0","12.32.0","12.33.0","12.34.0","12.35.0","12.35.1","12.35.2","12.36.0","12.36.1","12.37.0","12.38.0","12.38.1","12.39.0","12.39.1","12.4.0","12.4.1","12.40.0","12.41.0","12.41.1","12.41.2","12.41.3","12.42.0","12.43.0","12.44.0","12.44.1","12.45.0","12.45.1","12.46.0","12.47.0","12.47.1","12.48.0","12.48.1","12.48.2","12.48.3","12.49.0","12.49.1","12.5.0","12.50.0","12.51.0","12.52.0","12.53.0","12.54.0","12.55.0","12.56.0","12.57.0","12.57.1","12.57.4","12.58.0","12.59.0","12.6.0","12.60.0","12.60.1","12.61.0","12.61.1","12.62.0","12.62.1","12.62.2","12.63.0","12.64.0","12.64.1","12.64.2","12.65.0","12.65.1","12.65.2","12.65.3","12.65.4","12.65.5","12.65.6","12.65.7","12.66.0","12.67.0","12.67.1","12.7.0","12.7.1","12.8.0","12.9.0","13.0.0-beta.16","13.0.0-beta.21","13.0.0-beta.22","13.0.0-beta.23","13.0.0-beta.24","13.0.0-beta.25","13.0.0-beta.26","13.0.0-beta.27","13.0.0-beta.28","13.0.0-beta.29","13.0.0-beta.30","13.0.0-beta.31","13.0.0-beta.32","13.0.0-beta.33","13.0.0-beta.34","13.0.0-beta.35","13.0.0-beta.36","13.0.0-beta.37","13.0.0-beta.38","13.0.0-beta.39","13.0.0-beta.40","13.0.0-beta.41","13.0.0-beta.42","13.0.0-beta.43","13.0.0-rc.1","13.0.0-rc.10","13.0.0-rc.11","13.0.0-rc.2","13.0.0-rc.3","13.0.0-rc.5","13.0.0-rc.6","13.0.0-rc.7","13.0.0-rc.8","13.0.0-rc.9","13.11.0-beta.4","13.11.0-beta.6","13.11.0-beta.7","13.11.0-beta.8","13.11.0.beta-1","13.11.0.beta-2","13.11.0.beta-3","13.12.0-beta.2","13.12.0-beta.3","13.12.0-beta.4","13.12.0-beta.5","13.12.0-beta.6","13.13.0-beta.1","13.13.0-beta.2","13.13.0-beta.3","13.13.0-beta.4","13.13.0-beta.5","13.13.0-beta.6","13.13.0-beta.7","13.14.0-beta.1","13.14.0-beta.2","13.14.0-beta.3","13.14.0-beta.4","13.14.0-beta.5","13.14.0-beta.6","13.14.0-beta.7","2.0.0","2.1.1","2.1.2","2.1.3","2.1.4","2.10.0","2.10.1","2.11.0","2.12.0","2.13.0","2.14.0","2.15.0","2.16.0","2.16.1","2.16.2","2.16.3","2.16.4","2.16.5","2.16.6","2.16.7","2.16.8","2.17.0","2.18.0","2.18.2","2.19.0","2.2.0","2.20.0","2.20.1","2.21.0","2.21.1","2.22.0","2.22.1","2.22.2","2.22.3","2.23.0","2.24.0","2.24.1","2.24.2","2.25.1","2.25.2","2.27.3","2.29.0","2.29.1","2.3.0","2.3.1","2.30.0","2.30.1","2.31.0","2.32.0","2.33.0","2.33.1","2.34.0","2.34.1","2.34.3","2.35.1","2.35.2","2.35.3","2.36.1","2.37.1","2.37.2","2.37.3","2.37.4","2.37.5","2.37.6","2.37.7","2.38.2","2.38.3","2.4.0","2.40.0","2.40.1","2.41.1","2.42.0","2.5.0","2.6.2","2.7.1","2.9.0","2.9.1","2023.10.0-beta.1","2023.10.0-beta.10","2023.10.0-beta.11","2023.10.0-beta.12","2023.10.0-beta.13","2023.10.0-beta.14","2023.10.0-beta.15","2023.10.0-beta.2","2023.10.0-beta.3","2023.10.0-beta.4","2023.10.0-beta.5","2023.10.0-beta.6","2023.10.0-beta.7","2023.10.0-beta.8","2023.10.0-beta.9","2023.10.2-beta.1","2023.10.2-beta.2","2023.11.0-beta.1","2023.11.0-beta.10","2023.11.0-beta.2","2023.11.0-beta.3","2023.11.0-beta.4","2023.11.0-beta.5","2023.11.0-beta.6","2023.11.0-beta.7","2023.11.0-beta.8","2023.11.0-beta.9","2023.11.1-beta.1","2023.11.1-beta.2","2023.12.0-beta.1","2023.12.0-beta.2","2023.12.0-beta.3","2023.12.0-beta.4","2023.12.0-beta.5","2023.12.0-beta.6","2023.9.0-beta.1","2023.9.0-beta.10","2023.9.0-beta.11","2023.9.0-beta.2","2023.9.0-beta.3","2023.9.0-beta.4","2023.9.0-beta.5","2023.9.0-beta.6","2023.9.0-beta.7","2023.9.0-beta.8","2023.9.0-beta.9","2023.9.0-rc.1","2023.9.0-rc.2","2023.9.0-rc.3","2023.9.0-rc.4","2024.10.0","2024.10.0-alpha.0","2024.10.0-alpha.1","2024.10.0-beta.2","2024.10.0-beta.3","2024.10.0-beta.4","2024.10.0-beta.5","2024.10.0-beta.6","2024.10.1","2024.10.1-alpha.0","2024.10.1-beta.1","2024.10.1-beta.2","2024.10.1-beta.3","2024.10.1-beta.4","2024.10.1-beta.5","2024.10.1-beta.6","2024.10.2-alpha.0","2024.10.2-alpha.1","2024.10.2-alpha.2","2024.11.0","2024.11.0-alpha.1","2024.11.0-alpha.2","2024.11.0-alpha.3","2024.11.0-beta.4","2024.2.0-beta.1","2024.2.0-beta.10","2024.2.0-beta.12","2024.2.0-beta.13","2024.2.0-beta.2","2024.2.0-beta.3","2024.2.0-beta.4","2024.2.0-beta.5","2024.2.0-beta.6","2024.2.0-beta.7","2024.2.0-beta.8","2024.2.0-beta.9","2024.7.0","2024.7.0-beta.0","2024.7.0-beta.1","2024.7.0-beta.2","2024.7.0-beta.3","2024.7.0-rc.4","2024.7.0-rc.5","2024.7.0-rc.6","2024.7.0-rc.7","2024.7.0-rc.8","2024.8.0","2024.8.0-alpha.0","2024.8.0-alpha.1","2024.8.0-beta.2","2024.8.0-rc.3","2024.8.0-rc.4","2024.8.0-rc.5","2024.9.0","2024.9.0-alpha.0","2024.9.0-alpha.1","2024.9.0-alpha.10","2024.9.0-alpha.11","2024.9.0-alpha.12","2024.9.0-alpha.13","2024.9.0-alpha.2","2024.9.0-alpha.3","2024.9.0-alpha.4","2024.9.0-alpha.5","2024.9.0-alpha.6","2024.9.0-alpha.7","2024.9.0-alpha.8","2024.9.0-alpha.9","2024.9.0-beta.14","2025.1.0","2025.1.0-alpha.0","2025.1.0-beta.0","2025.1.0-beta.1","2025.1.0-beta.2","2025.1.0-beta.3","3.0.1","3.1.0","3.1.1","4.10.0","4.11.0","4.12.0","4.13.0","4.14.0","4.15.0","4.17.1","4.19.1","4.2.0","4.20.0","4.22.1","4.23.1","4.24.1","4.25.0","4.26.0","4.3.0","4.3.1","4.5.0","4.7.0","4.7.1","4.9.0","5.0.0","5.1.0","5.10.0","5.11.0","5.12.0","5.13.0","5.13.1","5.13.2","5.14.0","5.15.0","5.16.0","5.17.0","5.18.0","5.19.0","5.20.0","5.20.1","5.21.0","5.22.0","5.22.1","5.23.0","5.23.1","5.23.2","5.24.0","5.24.1","5.25.0","5.3.0","5.4.0","5.5.0","5.6.1","5.6.2","6.0.0","6.0.1","6.0.2","6.1.0","6.2.0","6.3.0","6.4.0","6.4.1","7.0.0","7.0.2","7.1.0","7.1.1","7.1.2","7.2.0","7.3.0","8.17.0","8.18.0","8.19.0","8.19.1","8.20.0","8.21.0","8.23.0","8.24.0","8.25.0","8.26.0","8.27.0","8.28.0","8.28.1","8.29.0","8.30.0","8.31.0","8.32.0","8.33.0","8.34.0","8.34.1","8.34.2","8.34.3","8.34.4","8.35.0","8.36.0","8.37.0","8.38.0","8.39.0","8.40.0","8.41.0","8.42.0","8.43.0","8.44.0","8.44.1","8.45.0","8.45.1","8.46.0","8.47.0","8.48.0","8.49.0","8.5.1","8.50.0","8.51.0","8.52.0","8.53.0","8.54.0","8.55.0","8.56.0","8.57.0","8.57.1","8.58.0","8.59.0","8.60.0","8.61.0","8.62.0","8.63.0","8.64.0","9.0.0","9.1.0","9.2.0","9.3.0","9.3.1","9.4.0","9.5.0","9.6.0","9.7.0","9.7.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-24896.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}