M0Xr4

#30181 of 53,632
8.7 Total CVSS
Vulnerabilities · 1
PT-2024-8444
8.7
2024-11-04
Symfony · Symfony · CVE-2024-51996
**Name of the Vulnerable Software and Affected Versions**

- Symfony versions prior to 5.4.47
- Symfony versions prior to 6.4.15
- Symfony versions prior to 7.1.8

**Description**

The vulnerability is in the authentication process of the Symfony PHP framework. When consuming a persisted remember-me cookie, the framework does not check whether the username persisted in the database matches the username attached to the cookie, leading to authentication bypass. A remote attacker can exploit this issue to bypass security restrictions.

**Recommendations**

- For versions prior to 5.4.47, update to version 5.4.47 or later.
- For versions prior to 6.4.15, update to version 6.4.15 or later.
- For versions prior to 7.1.8, update to version 7.1.8 or later.

As a temporary workaround, consider disabling the use of remember-me cookies until a patch is applied. Restrict access to the `PersistentRememberMeHandler` class to minimize the risk of exploitation.
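
The missing comparison described above, shown in a simplified model. This is an added example, not the framework's code: the cookie layout `username:series:tokenValue`, the array-backed token store, and the function names `sampleStore`, `parseCookie` and `consumeCookie` are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed token store (assumed layout): one row per remember-me series.
function sampleStore(): array
{
    return [
        'series-a' => ['username' => 'alice', 'token_hash' => hash('sha256', 'alice-secret')],
    ];
}

// Splits the assumed cookie layout "username:series:tokenValue".
function parseCookie(string $cookie): array
{
    $parts = explode(':', $cookie, 3);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('malformed remember-me cookie');
    }
    return ['username' => $parts[0], 'series' => $parts[1], 'value' => $parts[2]];
}

// Returns the username to authenticate, or null when the cookie is rejected.
// $checkOwner = false models the flawed behaviour: the row is looked up by
// series and the token value is verified, but the cookie's username is trusted.
function consumeCookie(array $store, string $cookie, bool $checkOwner): ?string
{
    $c = parseCookie($cookie);
    $row = $store[$c['series']] ?? null;
    if ($row === null || !hash_equals($row['token_hash'], hash('sha256', $c['value']))) {
        return null; // unknown series or wrong token value
    }
    // The check the description says is missing: the username stored with the
    // token must equal the username carried in the cookie.
    if ($checkOwner && !hash_equals($row['username'], $c['username'])) {
        return null;
    }
    return $c['username'];
}

$store = sampleStore();
$genuine = 'alice:series-a:alice-secret';    // constructed: matches the stored row
$mismatched = 'bob:series-a:alice-secret';   // constructed: username differs from the stored row

var_dump(consumeCookie($store, $genuine, true));      // matching cookie, owner check on
var_dump(consumeCookie($store, $mismatched, false));  // flawed path: cookie username trusted
var_dump(consumeCookie($store, $mismatched, true));   // hardened path: mismatch rejected
```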