Gatling: Security Vulnerabilities
In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-06
In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-08-06