PT-2025-44340 · Ckan · Ckan
Published 2025-10-29 · Updated 2025-10-29 · CVE-2025-64100
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CKAN versions prior to 2.10.9
CKAN versions prior to 2.11.4
Description
CKAN, an open-source data management system, is affected by an issue where session identifiers could be predicted by an attacker if the system is configured to use server-side session storage. An attacker could exploit this to set a cookie in a victim's browser or to steal a valid session. The issue is addressed by regenerating the session identifier after each login.
Recommendations
Update CKAN to version 2.10.9 or later.
Update CKAN to version 2.11.4 or later.
Weakness Enumeration
Session Fixation
Related Identifiers
Affected Products
Ckan