[MEDIUM] Craft CMS stores arbitrary content provided by unauthenticated users in session files

PKSA-ht16-h36v-hxc7 CVE-2025-35939 GHSA-7vrx-9684-xrf2

Affected package: craftcms/cms

Affected version: <4.15.3|>=5.0.0-alpha.1,<5.7.5

Reported by:
GitHub