Insufficient Session Expiration in Progress Software Corporation Sitefinity
CVE-2025-1968
7.7HIGH
What is CVE-2025-1968?
An Insufficient Session Expiration flaw exists in Progress Software Corporation's Sitefinity that could enable attackers to exploit reused session IDs, leading to potential session replay attacks. This vulnerability arises under specific conditions and affects multiple versions of Sitefinity between 14.0 and 15.2. System administrators should prioritize applying available patches and improving session management protocols to mitigate risks.
Affected Version(s)
Sitefinity 14.0 <= 14.3
Sitefinity 14.4 < 14.4.8145
Sitefinity 15.0 < 15.0.8231