PT-2025-32422 · Workos · Authkit

Highmarji-Workos

Published 2025-08-08 · Updated 2025-08-10 · CVE-2025-55009

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions

@workos-inc/authkit-remix versions 0.14.1 and below

Description

The AuthKit library for Remix exposed sensitive authentication artifacts – specifically sealedSession and accessToken – by returning them from the authkitLoader, causing them to be rendered into the browser HTML. This could lead to session hijacking in environments where cross-site scripting (XSS), malicious browser extensions, or local inspection is possible.

Recommendations

Update to version 0.15.0 or later.
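
The check below is an added example, not code from the advisory or from the AuthKit project: it walks the data a loader is about to return, reports any sealedSession or accessToken fields named in the description, and returns a copy with them removed. The function names, the JWT-shape heuristic and the sample object are assumptions made for illustration; input is assumed to be JSON-serializable loader data.

```javascript
// Key names come from the advisory text; everything else is hypothetical.
const SENSITIVE_KEYS = new Set(["sealedSession", "accessToken"]);
// Assumption: access tokens are JWTs, so JWT-shaped strings are flagged under any key.
const JWT_SHAPE = /^eyJ[\w-]+\.[\w-]+\.[\w-]+$/;

// Return the paths of every auth artifact found in loader data.
function findAuthArtifacts(value, path = "$", seen = new WeakSet(), hits = []) {
  if (typeof value === "string") {
    if (JWT_SHAPE.test(value)) hits.push(path);
    return hits;
  }
  if (value === null || typeof value !== "object" || seen.has(value)) return hits;
  seen.add(value); // guard against cyclic references
  const isArray = Array.isArray(value);
  for (const [key, child] of Object.entries(value)) {
    const childPath = isArray ? `${path}[${key}]` : `${path}.${key}`;
    if (!isArray && SENSITIVE_KEYS.has(key)) hits.push(childPath);
    else findAuthArtifacts(child, childPath, seen, hits);
  }
  return hits;
}

// Return a deep copy with sensitive keys dropped and JWT-shaped strings redacted.
function stripAuthArtifacts(value, copies = new WeakMap()) {
  if (typeof value === "string") return JWT_SHAPE.test(value) ? "[redacted]" : value;
  if (value === null || typeof value !== "object") return value;
  if (copies.has(value)) return copies.get(value); // preserve cycles and shared refs
  const isArray = Array.isArray(value);
  const out = isArray ? [] : {};
  copies.set(value, out);
  for (const [key, child] of Object.entries(value)) {
    if (!isArray && SENSITIVE_KEYS.has(key)) continue;
    out[key] = stripAuthArtifacts(child, copies);
  }
  return out;
}

// Constructed sample of what an affected loader could have returned.
const sampleLoaderData = {
  user: { id: "user_123", email: "a@example.test" },
  sealedSession: "constructed-sealed-session-value",
  accessToken: "eyJhbGciOiJub25lIn0.eyJzdWIiOiJ1c2VyXzEyMyJ9.c2ln",
  debug: { lastToken: "eyJhbGciOiJub25lIn0.eyJzdWIiOiJ1c2VyXzEyMyJ9.c2ln" },
};

console.log("leaked paths:", findAuthArtifacts(sampleLoaderData));
console.log("safe payload:", JSON.stringify(stripAuthArtifacts(sampleLoaderData)));
```

Run as a unit-test assertion over each route's loader output, an empty result from findAuthArtifacts confirms nothing token-like reaches the rendered HTML.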

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-55009
GHSA-V3GR-W9GF-23CX

Affected Products

Authkit