Insufficient Session Expiration in Progress Software Corporation Sitefinity
CVE-2025-1968

7.7HIGH

Key Information:

Vendor: Progress Software
Status: Sitefinity
Vendor: CVE Published:; 9 April 2025

Summary

An Insufficient Session Expiration flaw exists in Progress Software Corporation's Sitefinity that could enable attackers to exploit reused session IDs, leading to potential session replay attacks. This vulnerability arises under specific conditions and affects multiple versions of Sitefinity between 14.0 and 15.2. System administrators should prioritize applying available patches and improving session management protocols to mitigate risks.

Affected Version(s)

Sitefinity 14.0 <= 14.3

Sitefinity 14.4 < 14.4.8145

Sitefinity 15.0 < 15.0.8231

References

https://community.progress.com/s/article/Sitefinity-Secur...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Mar 4, 2025