High severity 7.1 · OSV Advisory · Published Aug 9, 2025 · Updated Apr 15, 2026
CVE-2025-55008
Description
The AuthKit library for React Router 7+ provides helpers for authentication and session management using WorkOS & AuthKit with React Router. In versions 0.6.1 and below, @workos-inc/authkit-react-router exposed sensitive authentication artifacts, specifically sealedSession and accessToken, by returning them from the authkitLoader. This caused them to be rendered into the browser HTML. This issue is fixed in version 0.7.0.
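A regression check for the exposure described above, as an added example that is not code from the advisory or from the AuthKit project: it scans loader data for the two fields the description names, strips them, and confirms a rendered page no longer carries them. `renderPage`, the `__loaderData` variable and all sample values are constructed stand-ins and do not reproduce React Router's real serialization.

```javascript
// Added example. Only the field names sealedSession and accessToken come from the advisory.
const SENSITIVE_KEYS = new Set(["sealedSession", "accessToken"]);

// Report the path of every sensitive key in JSON-like loader data.
function findSensitivePaths(value, path = "$", seen = new WeakSet()) {
  if (value === null || typeof value !== "object" || seen.has(value)) return [];
  seen.add(value);
  const isArray = Array.isArray(value);
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const childPath = isArray ? `${path}[${key}]` : `${path}.${key}`;
    if (!isArray && SENSITIVE_KEYS.has(key)) hits.push(childPath);
    hits.push(...findSensitivePaths(child, childPath, seen));
  }
  return hits;
}

// Return a deep copy with the sensitive keys removed (plain JSON-like data only).
function stripSensitive(value) {
  if (Array.isArray(value)) return value.map(stripSensitive);
  if (value === null || typeof value !== "object") return value;
  return Object.fromEntries(
    Object.entries(value)
      .filter(([key]) => !SENSITIVE_KEYS.has(key))
      .map(([key, child]) => [key, stripSensitive(child)])
  );
}

// Hypothetical renderer standing in for server-side embedding of loader data in HTML.
function renderPage(data) {
  const json = JSON.stringify(data).replace(/</g, "\\u003c");
  return `<!doctype html><div id="root"></div><script>window.__loaderData=${json}</script>`;
}

// True if the HTML contains a sensitive key name or one of the secret values.
function htmlLeaks(html, secrets) {
  return [...SENSITIVE_KEYS, ...secrets].some((needle) => html.includes(needle));
}

// Constructed sample of what a loader might return before the fix.
const loaderData = {
  user: { id: "user_constructed", email: "dev@example.test" },
  sealedSession: "constructed-sealed-session-value",
  accessToken: "constructed.access.token",
  organizations: [{ id: "org_constructed", accessToken: "constructed.access.token" }],
};
const secrets = [loaderData.sealedSession, loaderData.accessToken];
console.log(findSensitivePaths(loaderData), htmlLeaks(renderPage(stripSensitive(loaderData)), secrets));
```

Run as a CI assertion against real loader output, the same scan fails the build if either field reappears in data bound for the browser.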
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @workos-inc/authkit-react-router (npm) | < 0.7.0 | 0.7.0 |
Affected products
- Range: v0.1.0, v0.1.0-alpha.0, v0.1.1, …
References
- github.com/advisories/GHSA-vqvc-9q8x-vmq6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-55008 (ghsa, ADVISORY)
- github.com/workos/authkit-react-router/commit/607caac658784962bab76e227f9c5820d0b9a9e5 (nvd, WEB)
- github.com/workos/authkit-react-router/releases/tag/v0.7.0 (nvd, WEB)
- github.com/workos/authkit-react-router/security/advisories/GHSA-vqvc-9q8x-vmq6 (nvd, WEB)