diff --git a/website/docs/security/cves/CVE-2025-29928.md b/website/docs/security/cves/CVE-2025-29928.md index 9dd23e6373..e91ca5c57a 100644 --- a/website/docs/security/cves/CVE-2025-29928.md +++ b/website/docs/security/cves/CVE-2025-29928.md @@ -8,6 +8,8 @@ When authentik was configured to use the database for session storage (which is This also affects automatic session deletion when a user is set to inactive or a user is deleted. +The session backend is configured via [this](../../install-config/configuration/configuration.mdx#authentik_session_storage) setting; if this settings isn't set the sessions are stored in the cache (Redis), which is not affected by this. + ### Patches authentik 2025.2.3 and 2024.12.4 fix this issue.
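Review bot: the added sentence in the `@@ -8,6 +8,8 @@` hunk of CVE-2025-29928.md has a grammar slip ("if this settings isn't set") and uses "[this]" as its link text, which gives a reader triaging exposure no idea which setting decides whether they are affected. Suggest naming the setting in the link text, taken from the anchor it points at (`#authentik_session_storage`), and rewording to something like "if this setting is not set, sessions are stored in the cache (Redis), which is not affected". It may also read better placed directly after the context sentence about database session storage, since it qualifies that condition rather than the note about automatic session deletion.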