Home

Description

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password.

PUBLISHED Reserved 2025-10-27 | Published 2025-10-31 | Updated 2025-11-03 | Assigner mitre

References

github.com/...er-Pearl-Group-Insufficient-Session-Expiration

cve.org (CVE-2025-63563)

nvd.nist.gov (CVE-2025-63563)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.