Home > Vulnerability Database > CVE-2025-64168

Mend.io Vulnerability Database

CVE-2025-64168

Good to know:

Date: October 31, 2025

Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.

Severity Score

7.1

Related Resources (4)

Url: https://github.com/agno-agi/agno

Url: https://github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmm

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64168

Url: https://www.mend.io/vulnerability-database/CVE-2025-64168

Severity Score

7.1

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Top Fix

Upgrade Version

Upgrade to version agno - 2.2.2;https://github.com/agno-agi/agno.git - v2.2.2

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64168

Good to know:

Date: October 31, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?