Home > Vulnerability Database > CVE-2025-64100

Mend.io Vulnerability Database

CVE-2025-64100

Good to know:

Date: October 29, 2025

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage (CKAN uses cookie-based session storage by default). The attacker would need to either set a cookie on the victim's browser or steal the victim's currently valid session. Session identifiers are now regenerated after each login. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4

Severity Score

6.1

Related Resources (5)

Url: https://github.com/ckan/ckan/commit/c2fe437f88be850a6edf7a32470772428819fab5

Url: https://github.com/ckan/ckan/security/advisories/GHSA-2hvh-cw5c-8q8q

Url: https://github.com/ckan/ckan

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64100

Url: https://www.mend.io/vulnerability-database/CVE-2025-64100

Severity Score

6.1

Weakness Type (CWE)

Session Fixation

CWE-384

Top Fix

Upgrade Version

Upgrade to version ckan - 2.10.9;ckan - 2.11.4;Ckan - 2.10.9;Ckan - 2.11.4;Ckan - 2.11.4;https://github.com/ckan/ckan.git - ckan-2.10.9;https://github.com/ckan/ckan.git - ckan-2.11.4

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64100

Good to know:

Date: October 29, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?