ByteOS Network

NVD Vulnerability Details :

CVE-2025-64100

Awaiting Analysis

Source-security-advisories@github.com

Published At-29 Oct, 2025 | 18:15

Updated At-30 Oct, 2025 | 15:03

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-384	Primary	security-advisories@github.com

CWE ID: CWE-384

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/ckan/ckan/commit/c2fe437f88be850a6edf7a32470772428819fab5	security-advisories@github.com	N/A
https://github.com/ckan/ckan/security/advisories/GHSA-2hvh-cw5c-8q8q	security-advisories@github.com	N/A

Hyperlink: https://github.com/ckan/ckan/commit/c2fe437f88be850a6edf7a32470772428819fab5

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/ckan/ckan/security/advisories/GHSA-2hvh-cw5c-8q8q

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History