CVE-2025-21618: NiceGUI On Air authentication issue

January 6, 2025

Once a user logins to one browser, all other browsers are logged in without entering password. Even incognito mode.

References

github.com/advisories/GHSA-v6jv-p6r8-j78w
github.com/zauberzeug/nicegui
github.com/zauberzeug/nicegui/commit/1621a4ba6a06676b8094362d36623551e651adc1
github.com/zauberzeug/nicegui/security/advisories/GHSA-v6jv-p6r8-j78w
nvd.nist.gov/vuln/detail/CVE-2025-21618

Code Behaviors & Features

Detect and mitigate CVE-2025-21618 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →