PT-2025-47368 · Wiki.Js · Wiki.Js

Published: 2025-11-06 · Updated: 2025-11-19 · CVE-2025-56643

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Wiki.js version 2.5.307

Description: Wiki.js does not properly revoke or invalidate active JWT tokens when a user logs out. This allows previously issued tokens to remain valid and be reused to access the system, even after logout. The issue impacts session integrity and could allow unauthorized access if a token is compromised. The problem exists in the authentication resolver logic, affecting the GraphQL endpoint and the logout mechanism.

Recommendations: Update to a newer version that contains a fix for this vulnerability.
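
The weakness class described above, as an added example that is not Wiki.js code: a stateless check (signature and expiry only) keeps accepting a token after logout, while a check backed by a server-side revocation list rejects it. The function names, the in-memory `revoked` map and the secret are assumptions made for illustration.

```javascript
// Added example (not Wiki.js code): server-side JWT revocation on logout.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value, not a real key
const revoked = new Map();                // jti -> exp (seconds); hypothetical in-memory store

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

function issueToken(userId, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const payload = { sub: userId, jti: crypto.randomUUID(), iat: now, exp: now + ttlSeconds };
  const head = b64({ alg: 'HS256', typ: 'JWT' }) + '.' + b64(payload);
  return head + '.' + sign(head);
}

// Signature and expiry only: what a purely stateless check sees.
// The algorithm is fixed to HMAC-SHA256; the token header is never trusted.
function verifyStateless(token, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s] = String(token).split('.');
  if (!h || !p || !s) return null;
  const expected = Buffer.from(sign(h + '.' + p));
  const given = Buffer.from(s);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let payload;
  try { payload = JSON.parse(Buffer.from(p, 'base64url').toString()); } catch { return null; }
  return typeof payload.exp === 'number' && payload.exp > now ? payload : null;
}

// Hardened check: also reject any token whose jti was revoked at logout.
function verifyWithRevocation(token, now) {
  const payload = verifyStateless(token, now);
  return payload && !revoked.has(payload.jti) ? payload : null;
}

// Logout records the jti until the token would have expired anyway.
function logout(token, now = Math.floor(Date.now() / 1000)) {
  const payload = verifyStateless(token, now);
  if (!payload) return false;
  for (const [jti, exp] of revoked) if (exp <= now) revoked.delete(jti); // prune expired entries
  revoked.set(payload.jti, payload.exp);
  return true;
}
```

In a multi-instance deployment the revocation store has to be shared between instances (a database or cache) rather than held in process memory.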

Exploit

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

BDU:2026-00043
CVE-2025-56643

Affected Products

Wiki.Js