{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:09:13.083","vulnerabilities":[{"cve":{"id":"CVE-2025-24973","sourceIdentifier":"security-advisories@github.com","published":"2025-02-11T16:15:52.020","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker to steal authentication tokens. This could have devastating consequences if a user with admin privileges is (or was) using a shared device. Users who have logged in on a shared device should go to Settings > Security and regenerate their login tokens. Version 12.25Q1.1 fixes the issue. As a workaround, clear cookies and site data in the browser after logging out."},{"lang":"es","value":"Concorde, anteriormente conocida como Nexkey, es una bifurcación de la plataforma de microblogging federada Misskey. Antes de la versión 12.25Q1.1, debido a una implementación incorrecta del proceso de cierre de sesión, las credenciales de autenticación permanecían en las cookies incluso después de que un usuario cerrara sesión explícitamente, lo que podía permitir a un atacante robar tokens de autenticación. Esto podría tener consecuencias devastadoras si un usuario con privilegios de administrador está (o estaba) usando un dispositivo compartido. Los usuarios que hayan iniciado sesión en un dispositivo compartido deben ir a Configuración > Seguridad y regenerar sus tokens de inicio de sesión. La versión 12.25Q1.1 soluciona el problema. Como workaround, borre las cookies y los datos del sitio en el navegador después de cerrar sesión."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/nexryai/concorde/commit/1f6ac9b289906083b132e4f9667a31a60ef83e4e","source":"security-advisories@github.com"},{"url":"https://github.com/nexryai/concorde/security/advisories/GHSA-2369-p2wh-7cc2","source":"security-advisories@github.com"}]}}]}