The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 12 Aug 2025 12:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Workos; Workos authkit
Vendors & Products | | Workos; Workos authkit

Mon, 11 Aug 2025 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 09 Aug 2025 02:30:00 +0000

Type | Values Removed | Values Added
Description | | The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.
Title | | AuthKit: Sensitive auth data rendered in HTML
Weaknesses | | CWE-200
References | |
Metrics | | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-11T14:35:52.345Z

Reserved: 2025-08-04T17:34:24.422Z

Link: CVE-2025-55009

Vulnrichment

Updated: 2025-08-11T14:35:45.609Z

NVD

Status: Awaiting Analysis

Published: 2025-08-09T03:15:47.483

Modified: 2025-08-11T18:32:48.867

Link: CVE-2025-55009

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-12T11:47:08Z