PT-2025-6251 · Concorde · Concorde

Published: 2025-02-11 · Updated: 2025-02-11 · CVE-2025-24973

CVSS v3.1: 9.3 (Critical)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Concorde versions prior to 12.25Q1.1
Description: The issue arises from an improper implementation of the logout process: authentication credentials remain in the browser's cookies even after a user has explicitly logged out. This may allow an attacker to steal authentication tokens, with potentially devastating consequences if a user with admin privileges is or was using a shared device.
Recommendations: For versions prior to 12.25Q1.1, update to version 12.25Q1.1 to fix the issue. As a temporary workaround, clear cookies and site data in the browser after logging out. Users who have logged in on a shared device should go to Settings > Security and regenerate their login tokens.
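The weakness and its fix, as an added example that is not Concorde's code: a minimal in-memory session store contrasting the flawed logout the advisory describes (cookie and token both left valid) with one that revokes the token server-side and expires the cookie, plus the per-user token regeneration the workaround refers to. SessionStore, its methods and token_survives_logout are assumed names.

```python
from __future__ import annotations
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class SessionStore:
    # Constructed stand-in for the application's token storage: token -> (user, expiry)
    tokens: dict = field(default_factory=dict)

    def login(self, user: str, ttl: int = 3600) -> tuple[str, str]:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, time.time() + ttl)
        # Cookie attributes a defender wants on an auth token
        cookie = f"session={token}; Max-Age={ttl}; Path=/; HttpOnly; Secure; SameSite=Lax"
        return token, cookie

    def authenticate(self, token: str | None) -> str | None:
        entry = self.tokens.get(token)
        if entry is None or entry[1] < time.time():
            return None
        return entry[0]

    def logout_insecure(self, token: str) -> str:
        # The flawed pattern: the client-side view forgets the user, but the
        # token is not revoked and no Set-Cookie header clears the cookie, so a
        # browser on a shared device keeps a credential that still authenticates.
        return ""

    def logout_secure(self, token: str) -> str:
        # Revoke server-side so the token is dead even if the cookie survives...
        self.tokens.pop(token, None)
        # ...and tell the browser to discard the cookie immediately.
        return "session=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"

    def regenerate_for_user(self, user: str) -> int:
        # Equivalent of "Settings > Security > regenerate login tokens":
        # invalidate every token this user holds, on every device.
        doomed = [t for t, (u, _) in self.tokens.items() if u == user]
        for t in doomed:
            del self.tokens[t]
        return len(doomed)


def token_survives_logout(store: SessionStore, secure: bool) -> bool:
    """Detection check: does a token still authenticate after logout?"""
    token, _ = store.login("admin")
    (store.logout_secure if secure else store.logout_insecure)(token)
    return store.authenticate(token) is not None
```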

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2025-24973
GHSA-2369-P2WH-7CC2

Affected Products

Concorde