High severity 7.1 · OSV Advisory · Published Aug 9, 2025 · Updated Apr 15, 2026
CVE-2025-55009
Description
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @workos-inc/authkit-remix (npm) | < 0.15.0 | 0.15.0 |
Affected products
- Range: v0.1.0, v0.10.0, v0.11.0, …
References
- github.com/advisories/GHSA-v3gr-w9gf-23cx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-55009 (ghsa, ADVISORY)
- github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6 (nvd, WEB)
- github.com/workos/authkit-remix/releases/tag/v0.15.0 (nvd, WEB)
- github.com/workos/authkit-remix/security/advisories/GHSA-v3gr-w9gf-23cx (nvd, WEB)
- osv.dev/vulnerability/CVE-2025-55009 (ghsa, WEB)
- osv.dev/vulnerability/GHSA-v3gr-w9gf-23cx (ghsa, WEB)