CVE-2025-24973 Concorde not removing authentication tokens after logging out

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...

PT-2025-6251 · Concorde · Concorde

Name of the Vulnerable Software and Affected Versions: Concorde versions prior to 12.25Q1.1 Description: The issue arises from an improper implementation of the logout process, causing authentication credentials to remain in cookies even after a user has explicitly logged out. This may allow an...