Vulnerability Details CVE-2025-11699
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a
a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate user has logged out, enabling session hijacking. Any version above 4.70 that is not 4.80.3 fixes the vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.3%
CVSS Severity
CVSS v3 Score 7.1
References
Products affected by CVE-2025-11699
-
cpe:2.3:a:nopcommerce:nopcommerce:1.70
-
cpe:2.3:a:nopcommerce:nopcommerce:1.80
-
cpe:2.3:a:nopcommerce:nopcommerce:1.90
-
cpe:2.3:a:nopcommerce:nopcommerce:2.00
-
cpe:2.3:a:nopcommerce:nopcommerce:2.10
-
cpe:2.3:a:nopcommerce:nopcommerce:2.20
-
cpe:2.3:a:nopcommerce:nopcommerce:2.30
-
cpe:2.3:a:nopcommerce:nopcommerce:2.40
-
cpe:2.3:a:nopcommerce:nopcommerce:2.50
-
cpe:2.3:a:nopcommerce:nopcommerce:2.60
-
cpe:2.3:a:nopcommerce:nopcommerce:2.65
-
cpe:2.3:a:nopcommerce:nopcommerce:2.70
-
cpe:2.3:a:nopcommerce:nopcommerce:2.80
-
cpe:2.3:a:nopcommerce:nopcommerce:3.00
-
cpe:2.3:a:nopcommerce:nopcommerce:3.10
-
cpe:2.3:a:nopcommerce:nopcommerce:3.20
-
cpe:2.3:a:nopcommerce:nopcommerce:3.30
-
cpe:2.3:a:nopcommerce:nopcommerce:3.40
-
cpe:2.3:a:nopcommerce:nopcommerce:3.50
-
cpe:2.3:a:nopcommerce:nopcommerce:3.60
-
cpe:2.3:a:nopcommerce:nopcommerce:3.70
-
cpe:2.3:a:nopcommerce:nopcommerce:3.80
-
cpe:2.3:a:nopcommerce:nopcommerce:3.90
-
cpe:2.3:a:nopcommerce:nopcommerce:4.00
-
cpe:2.3:a:nopcommerce:nopcommerce:4.10
-
cpe:2.3:a:nopcommerce:nopcommerce:4.20
-
cpe:2.3:a:nopcommerce:nopcommerce:4.30
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.1
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.2
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.3
-
cpe:2.3:a:nopcommerce:nopcommerce:4.40.4
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.0
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.1
-
cpe:2.3:a:nopcommerce:nopcommerce:4.50.2
-
cpe:2.3:a:nopcommerce:nopcommerce:4.80.3