CVE-2025-30351: Suspended Directus user can continue to use session token to access API

CVSS Score: 3.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.11765%
Published: 3/26/2025
Updated: 3/27/2025
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Package Name: directus
Ecosystem: npm
Vulnerable Versions: >= 10.10.0, < 11.15.0
First Patched Version: 11.15.0

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from a missing user status check during session token validation. The patch adds a session-clearing mechanism (clearUserSessions) and accountability tracking, but the core defect is in verifySessionJWT, which the advisory names explicitly even though the provided diff does not modify it: a session token is accepted without checking whether the user it belongs to is still active, so a suspended user's existing session token keeps working against the API. Runtime detection would therefore focus on the token verification flow, where user status isn't validated, making verifySessionJWT the primary vulnerable function visible in call stacks during exploitation.

Vulnerable functions

verifySessionJWT (session token verification flow in which the user's status is not validated)

WAF Protection Rules

WAF Rule

### Summary
Since the user status is not checked when verifying a session token a suspended user can use the token generated in session auth mode to access the API despite their status.
### Details
There is a check missing in `verifySessionJWT` to v
