On September 4, 2025, the CILogon PHP web front-end received an unannounced update to address an SQL injection vulnerability in the ODBC StorageService of the Shibboleth Service Provider (SP) software. CILogon uses the ODBC plugin to store Shibboleth SP sessions. Services were restarted during this update; users with in-progress login attempts may have experienced issues that required a second login attempt.