WorkOS · AuthKit · CVE-2025-55009
**Name of the Vulnerable Software and Affected Versions**
@workos-inc/authkit-remix versions 0.14.1 and below
**Description**
The AuthKit library for Remix exposed sensitive authentication artifacts – specifically `sealedSession` and `accessToken` – by returning them from the `authkitLoader`, causing them to be rendered into the browser HTML. This could lead to session hijacking in environments where cross-site scripting (XSS), malicious browser extensions, or local inspection is possible.
**Recommendations**
Update to version 0.15.0 or later.
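One way to check a project against the affected range, as an added example that is not part of the advisory and not WorkOS code: it scans a parsed `package-lock.json` for installed copies of the package below 0.15.0, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example. Package name and versions come from the advisory;
// function names and the sample lockfile below are constructed.
const PKG = "@workos-inc/authkit-remix";
const FIXED = [0, 15, 0]; // first fixed release per the advisory

// True when `version` is below 0.15.0. Pre-releases of 0.15.0 and strings
// that are not plain versions (git URLs, tags) are flagged for manual review.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[^+]+)?(\+.*)?$/.exec(String(version));
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return Boolean(m[4]);
}

// Affected installs in a parsed package-lock.json. Lockfile v2/v3 lists every
// install under `packages`; v1 nests them under `dependencies`.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // v2 carries both; avoid double counting
  return hits;
}

// Constructed sample: a fixed direct install and an older nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@workos-inc/authkit-remix": { version: "0.15.0" },
    "node_modules/legacy-ui/node_modules/@workos-inc/authkit-remix": { version: "0.14.1" },
  },
};
console.log(findAffected(sampleLock));
```

In a real project, pass the result of `JSON.parse` on the lockfile contents to `findAffected`; a non-empty result means at least one installed copy still predates the fix.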