The CVE-2025-XXXXX vulnerability in CKAN is a session fixation issue that appears only when the software is configured to use server-side session storage instead of the default cookie-based storage. In that configuration the application does not issue a new session identifier after a user successfully authenticates. An attacker exploits this by first obtaining a valid (unauthenticated) session ID from the application, then planting that ID in a victim's browser, typically by getting the session cookie set through a crafted link, and waiting for the victim to log in. When the login completes, the session is promoted to an authenticated state, but it stays bound to the identifier the attacker already knows. The attacker then presents that same session ID and is treated as the victim, gaining the victim's data access and privileges within the CKAN instance.
Platform: CKAN
Version: >=2.10.0,<2.10.9 and >=2.11.0,<2.11.4
Vulnerability : Session Fixation
Severity: Moderate
Date: 2025-10-29
Prediction: 2025-11-05
What Undercode Say:
curl -I http://ckan-instance.com/login
grep -r "beaker.session.type" /etc/ckan/
python -c "import hashlib; print(hashlib.sha1(b'sessionid').hexdigest())"
Example flawed login logic (conceptual; `request`, `session` and `authenticated_user` stand in for the web framework's objects):

def user_login():
    # ... authentication happens ...
    if not request.cookies.get('session_id'):
        # A session is only created when the request carries no session cookie,
        # so an ID planted before login survives authentication: this is the fixation bug.
        session['user_id'] = authenticated_user.id
    # Correct logic ALWAYS regenerates the session ID on login, for example:
    # session.regenerate()
How Exploit:
The attacker obtains a valid, unauthenticated session ID from the CKAN instance.
The attacker forces the victim's browser to present that ID (the session cookie is planted, for example via a crafted link).
The victim logs in; the session is authenticated in place and keeps the planted ID.
The attacker sends requests with the same ID and is treated as the logged-in victim.
Protection from this CVE
Upgrade to CKAN 2.10.9 or later on the 2.10 line, or 2.11.4 or later on the 2.11 line.
Until the upgrade is in place, ensure `beaker.session.type` is 'cookie' (the default); the issue only affects server-side session storage.
The application must regenerate the session ID after every successful authentication, so that an ID issued before login never becomes an authenticated one.
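The following is an added example, not CKAN code, that reproduces the four attack steps above against a minimal in-memory server-side session store written for this post. `App`, `ServerSideSessions`, `fixation_attack` and the `USERS` table are constructed for the demo; the only difference between the flawed and the fixed app is whether `login` regenerates the session ID after the credentials check.

```python
"""Session fixation against a server-side session store (added example, not CKAN code)."""
import hmac
import secrets
from typing import Dict, Optional

# Constructed credential table for the demo; a real app compares password hashes.
USERS = {"alice": "correct horse battery staple"}


class ServerSideSessions:
    """Minimal server-side store: the cookie carries only an opaque ID, the
    session data lives in `store` under that ID (the shape of any non-cookie backend)."""

    def __init__(self) -> None:
        self.store: Dict[str, dict] = {}

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)
        self.store[sid] = {}
        return sid

    def get(self, sid: Optional[str]) -> Optional[dict]:
        return self.store.get(sid) if sid else None


class App:
    def __init__(self, regenerate_on_login: bool) -> None:
        self.sessions = ServerSideSessions()
        self.regenerate_on_login = regenerate_on_login

    def visit(self, cookie_sid: Optional[str]) -> str:
        """Any request: reuse the presented ID if the store knows it, else issue a fresh one.
        Returns the ID the response sets as the session cookie."""
        if self.sessions.get(cookie_sid) is not None:
            return cookie_sid
        return self.sessions.new_session()

    def login(self, cookie_sid: Optional[str], username: str, password: str) -> str:
        sid = self.visit(cookie_sid)
        expected = USERS.get(username)
        if expected is None or not hmac.compare_digest(expected, password):
            raise PermissionError("bad credentials")
        if self.regenerate_on_login:
            # Fixed behaviour: discard the pre-auth ID and bind the authenticated
            # state to a fresh ID that nobody saw before login.
            self.sessions.store.pop(sid, None)
            sid = self.sessions.new_session()
        # Flawed behaviour (regenerate_on_login=False): authenticate in place,
        # so the ID presented before login now maps to an authenticated session.
        self.sessions.store[sid]["user_id"] = username
        return sid

    def whoami(self, cookie_sid: Optional[str]) -> Optional[str]:
        data = self.sessions.get(cookie_sid)
        return data.get("user_id") if data else None


def fixation_attack(app: App) -> Optional[str]:
    """Replays the four steps from the post; returns the identity the attacker
    ends up holding, or None if the attack failed."""
    # 1. Attacker obtains a valid, unauthenticated session ID.
    attacker_sid = app.visit(None)
    # 2. Attacker plants that ID in the victim's browser; the victim's next
    #    request presents it as the session cookie.
    victim_cookie = attacker_sid
    # 3. Victim logs in with the planted cookie.
    victim_cookie = app.login(victim_cookie, "alice", USERS["alice"])
    # 4. Attacker reuses the ID they chose in step 1.
    return app.whoami(attacker_sid)


if __name__ == "__main__":
    print("flawed app, attacker is:", fixation_attack(App(regenerate_on_login=False)))
    print("fixed app,  attacker is:", fixation_attack(App(regenerate_on_login=True)))
```

Against the flawed app the attacker's original ID resolves to `alice`; against the fixed app it resolves to nothing, because the authenticated state was moved to an ID the attacker never saw. Regenerating only when no cookie is present (the conceptual snippet above) is equivalent to the flawed branch here.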
Impact:
Session Hijacking
Unauthorized Data Access
Privilege Escalation
Sources:
Reported By: github.com