CVE-2025-1968

Summary

Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.

Affected Software

VendorProductVersion RangeStatus
Progress Software CorporationSitefinity14.0 <= 14.3affected
Progress Software CorporationSitefinity14.4 < 14.4.8145affected
Progress Software CorporationSitefinity15.0 < 15.0.8231affected
Progress Software CorporationSitefinity15.1 < 15.1.8332affected
Progress Software CorporationSitefinity15.2 < 15.2.8429affected

Weaknesses

  • CWE-613: CWE-613: Insufficient Session Expiration

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References