Insufficient Session Expiration in Progress Software Corporation Sitefinity
CVE-2025-1968

7.7HIGH

Key Information:

Vendor

Progress Software
Status
Sitefinity
Vendor
CVE Published:
9 April 2025

What is CVE-2025-1968?

An Insufficient Session Expiration flaw exists in Progress Software Corporation's Sitefinity that could enable attackers to exploit reused session IDs, leading to potential session replay attacks. This vulnerability arises under specific conditions and affects multiple versions of Sitefinity between 14.0 and 15.2. System administrators should prioritize applying available patches and improving session management protocols to mitigate risks.

Affected Version(s)

Sitefinity 14.0 <= 14.3

Sitefinity 14.4 < 14.4.8145

Sitefinity 15.0 < 15.0.8231

References

https://community.progress.com/s/article/Sitefinity-Secur...

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.