CVE-2025-1968
Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks).This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
We have discovered 977 live websites that are affected by CVE-2025-1968.
Affected Software
| Product |  Sitefinity |
| Category | Content Management System |
| Vulnerable Domains | 977 live websites (26% of Sitefinity install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 66 versions ( 28% of all versions) |
Common Weakness Enumeration
CWE-613 Insufficient Session ExpirationDetails
- Published - Apr 9, 2025
- Updated - May 2, 2025
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-1968 United States | 748 websites |
 Canada | 46 websites |
 Saudi Arabia | 35 websites |
 GB | 17 websites |
 Singapore | 14 websites |
 Australia | 12 websites |
 Italy | 12 websites |
 Chile | 11 websites |
 United Arab Emirates | 9 websites |
 Netherlands | 9 websites |
Website Distribution by TLD
Number of websites using CVE-2025-1968| .com | 517 websites |
| .org | 186 websites |
| .ca | 37 websites |
| .com.au | 17 websites |
| .net | 13 websites |
| .it | 12 websites |
| .edu | 12 websites |
| .nl | 10 websites |
| .co.uk | 10 websites |
| .cn | 3 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-1968
Top websites that are affected by CVE-2025-1968. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.com | United States | *,*** | |
| *******.***.gov | United States | **,*** | |
| ************.com | United States | **,*** | |
| *****.org | United States | **,*** | |
| *****.********.gov | United States | **,*** | |
| ****.gov | United States | **,*** | |
| ****.****.it | Italy | **,*** | |
| ********.com | United States | **,*** | |
| ***.********.gov | United States | **,*** | |
| ***********.org | United States | **,*** |
FAQ
CVE-2025-1968 is Insufficient Session Expiration in Sitefinity
A total of 977 websites have been identified as vulnerable to CVE-2025-1968, based on global website indexing conducted by WebTechSurvey.
The Sitefinity is affected by the CVE-2025-1968 vulnerability.
Sitefinity versions up to 15.2.8429 are vulnerable to CVE-2025-1968.
CVE-2025-1968 is resolved in version 15.2.8429 of Sitefinity.