CWE-613: Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Overview
CWE-613 (Insufficient Session Expiration) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
360 recorded CVEs are caused by CWE-613 (Insufficient Session Expiration). The highest-severity and most recent are shown first. 87 new CWE-613 CVEs have been recorded so far in 2026 (83 in 2025).
- CVE-2024-8888
  Critical · CVSS 10.0 · EPSS 51st · 2024-09-18
- CVE-2025-59841
  FlagForgeCTF's Improper Session Handling Allows Access After Logout
  Critical · CVSS 9.8 · EPSS 26th · 2025-09-25
- CVE-2024-13280
  Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044
  Critical · CVSS 9.8 · EPSS 47th · 2025-01-09