PT-2025-15694 · Progress · Sitefinity
Published: 2025-04-09 · Updated: 2025-04-14
CVE-2025-1968
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions:
Sitefinity versions 14.0 through 14.3
Sitefinity versions 14.4 before 14.4.8145
Sitefinity versions 15.0 before 15.0.8231
Sitefinity versions 15.1 before 15.1.8332
Sitefinity versions 15.2 before 15.2.8429
Description:
An Insufficient Session Expiration vulnerability that, under specific and uncommon circumstances, allows Session IDs to be reused, also known as a Session Replay attack.
Recommendations:
For versions 14.0 through 14.3, update to a version after 14.3.
For version 14.4, update to version 14.4.8145 or later.
For version 15.0, update to version 15.0.8231 or later.
For version 15.1, update to version 15.1.8332 or later.
For version 15.2, update to version 15.2.8429 or later.
Fix
Insufficient Session Expiration
Affected Products
Sitefinity