Unrated severityNVD Advisory· Published Dec 1, 2025· Updated Dec 1, 2025
CVE-2025-11699
CVE-2025-11699
Description
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate user has logged out, enabling session hijacking. Any version above 4.70 that is not 4.80.3 fixes the vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=4.70, ==4.80.3+ 1 more
- (no CPE)range: <=4.70, ==4.80.3
- (no CPE)range: 4.10
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.