PT-2025-27232 · Authentik · Authentik

Beryju · Published 2025-06-27 · Updated 2026-04-16 · CVE-2025-52553

CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.4.3; authentik 2025.6.x versions prior to 2025.6.3
Description: The issue arises from the way authentik handles tokens after authorizing access to a RAC (Remote Access Control) endpoint. A token is minted for a single connection and handed to the client in the URL of the connection page. In affected versions the server never checks that the token is being presented from the same browser session as the user who authorized the connection, so the token alone is sufficient to attach to that user's remote session. A malicious user who sees the URL, for example during a screenshare or through any other channel that exposes it, can copy it into their own browser and access the same session until the token expires.
Recommendations: For versions prior to 2025.4.3 and 2025.6.3, as a temporary workaround, decrease the time a token stays valid by setting Connection expiry to minutes=5 in the RAC Provider settings, and enable Delete authorization on disconnect so the token is removed as soon as the authorizing user closes the connection. These settings only narrow the window of exposure; the token still works from another session while it exists. Upgrade to version 2025.4.3 or 2025.6.3 (or later) to resolve the issue.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BIT-AUTHENTIK-2025-52553
CVE-2025-52553
GHSA-WR3V-9P2C-CHX7

Affected Products

Authentik