CVE-2025-63563

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password.

Stolichnayer/Summer-Pearl-Group-Insufficient-Session-Expiration
Stolichnayer/Summer-Pearl-Group-Insufficient-Session-Expiration
Summer Pearl Group's Vacation Rental Management Platform versions ≤ 1.0.1 contain an Insufficient Session Expiration vulnerability.
GitHubGitHub