Vulnerability in Strapi
CVE-2025-3930
Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date (which is…
EPSS: 0.006 (46.1th percentile) — read the EPSS interpretation.
Affected products
- Strapi — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)
- cvd@cert.pl (product)
- cvd@cert.pl (vendor-advisory)