High severity8.8NVD Advisory· Published Nov 16, 2021· Updated Jun 17, 2026
CVE-2021-25940
CVE-2021-25940
Description
In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
2- github.com/arangodb/arangodb/commit/e9c6ee9dcca7b9b4fbcd02a0b323d205bee838d3nvdPatchThird Party Advisory
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25940nvdThird Party Advisory
News mentions
0No linked articles in our index yet.