CVE-2025-1968

EUVD-2025-10436
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
ProgressSoftwareCNA
7.7 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
progresssitefinity
14.0 ≤
𝑥
≤ 14.3
CNA
progresssitefinity
14.4 ≤
𝑥
< 14.4.8145
CNA
progresssitefinity
15.0 ≤
𝑥
< 15.0.8231
CNA
progresssitefinity
15.1 ≤
𝑥
< 15.1.8332
CNA
progresssitefinity
15.2 ≤
𝑥
< 15.2.8429
CNA
Common Weakness Enumeration
References
https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2025-1968-April-2025