Home > Vulnerability Database > CVE-2025-59335

Mend.io Vulnerability Database

CVE-2025-59335

Good to know:

Date: September 22, 2025

CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user's password change. This oversight poses a security risk, as if a user forgets to log out from a location where they accessed their account, an unauthorized user can maintain access even after the password has been changed. Due to this bug, if an account has already been compromised, the legitimate user has no way to revoke the attacker’s access. The malicious actor retains full access to the account until their session naturally expires. This means the account remains insecure even after the password has been changed. This issue has been patched in version 6.5.11.

Severity Score

7.1

Related Resources (5)

Url: https://github.com/cubecart/v6/commit/4bfaeb4485dd82255a108940a163af5ba4583b52

Url: https://github.com/cubecart/v6/commit/62d9be8416aa6fd7343f8932d98c5b112b163e26

Url: https://github.com/cubecart/v6/security/advisories/GHSA-4vwh-x8m2-fmvv

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59335

Url: https://www.mend.io/vulnerability-database/CVE-2025-59335

Severity Score

7.1

Weakness Type (CWE)

Insufficient Session Expiration

CWE-613

Top Fix

Upgrade Version

Upgrade to version https://github.com/cubecart/v6.git - v6.5.11

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59335

Good to know:

Date: September 22, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?