HIGH: 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Default status: unaffected
14.0 (custom): affected
14.4 (custom) before 14.4.8145: affected
15.0 (custom) before 15.0.8231: affected
15.1 (custom) before 15.1.8332: affected
15.2 (custom) before 15.2.8429: affected
Description
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
Problem types
CWE-613: Insufficient Session Expiration
Product status
14.0 (custom)
14.4 (custom) before 14.4.8145
15.0 (custom) before 15.0.8231
15.1 (custom) before 15.1.8332
15.2 (custom) before 15.2.8429
References
community.progress.com/...erability-CVE-2025-1968-April-2025