PT-2025-4304 · Nicegui · Nicegui

Streamcfd · Published 2025-01-06 · Updated 2025-01-06 · CVE-2025-21618

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 2.9.1

Description: The issue concerns a session management problem in NiceGUI, a Python-based UI framework. Before version 2.9.1, authenticating with NiceGUI would log the user into all browsers, including those in incognito mode. This means that once a user logged in from one browser, all other browsers were also logged in without requiring a password, even in incognito mode. The impact of this issue is considered high.

Recommendations: For versions prior to 2.9.1, update to version 2.9.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive information or using an alternative authentication method until the update can be applied.


Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2025-21618
GHSA-V6JV-P6R8-J78W

Affected Products

Nicegui