diff --git a/api/services/feature_service.py b/api/services/feature_service.py
index a53ac9d980..f38e1762d1 100644
--- a/api/services/feature_service.py
+++ b/api/services/feature_service.py
@@ -382,7 +382,7 @@ class FeatureService:
         # SECURITY NOTE: Only license *status* is exposed to unauthenticated callers
         # so the login page can detect an expired/inactive license after force-logout.
         # All other license details (expiry date, workspace usage) remain auth-gated.
-        # See CVE-2025-63387 for prior information-leakage context.
+        # This behavior reflects prior internal review of information-leakage risks.
         if license_info := enterprise_info.get("License"):
             features.license.status = LicenseStatus(license_info.get("status", LicenseStatus.INACTIVE))