CVE-2025-56643 - Wiki.js 2.5.307 JWT Session Vulnerability Description: Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. Affected Product: Wiki.js - version 2.5.307 Affected Component: GraphQL API endpoint ( ), Authentication module, JWT session management, logout logic (UI and backend). Impact: Allows reuse of previously issued JWT tokens after logout, compromising session validity and user authentication. Vulnerability Type: CWE-613: Insufficient Session Expiration Attack Vector: Remote - An attacker with access to a previously issued token can continue using it after logout to perform authenticated actions. Discoverer: Patrick C. Luis Miguel Pazmiño Ali MS. Reference: CVE-2025-56643 (MITRE Record) Wiki.js Official Site