PT-2025-38742 · Cubecart · Cubecart

Published: 2025-09-22 · Updated: 2025-09-22 · CVE-2025-59335

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

CubeCart versions prior to 6.5.11

Description

CubeCart is an ecommerce software solution. Prior to version 6.5.11, user sessions do not automatically expire after a password change. This allows an attacker who has already compromised an account to maintain access even after the legitimate user changes their password, as the attacker's session remains active until it naturally expires. This prevents the legitimate user from revoking the attacker's access.

Recommendations

Update to version 6.5.11 or later.

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2025-59335
GHSA-4VWH-X8M2-FMVV

Affected Products

Cubecart