CVE-2025-55009

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning them from the authkitLoader. This caused them to be rendered into the browser HTML.

Assigner : security-advisories@github.com

More information : https://github.com/workos/authkit-remix/commit/20102afc74bf3dd5150a975a098067fb406b90b6