Vulnerability Description
Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.
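The class of bug described above, shown as an added example that is not Agno's code and does not claim to reproduce its root cause: the class names, the in-memory store and the constructed session data are hypothetical. One agent object keeps per-run state on the shared instance, the other keeps it local to the call.

```python
import asyncio

class SharedStateAgent:
    """Hypothetical agent that keeps per-run state on the shared instance."""
    def __init__(self):
        self.store = {}            # session_id -> persisted state
        self.session_state = None  # one slot shared by every concurrent run

    async def arun(self, session_id, session_state):
        self.session_state = session_state
        await asyncio.sleep(0)     # stand-in for model or tool I/O; other runs interleave here
        # By now another run may have overwritten the shared slot.
        self.store[session_id] = self.session_state

class PerRunStateAgent:
    """Same flow, but the state never leaves the scope of the call."""
    def __init__(self):
        self.store = {}

    async def arun(self, session_id, session_state):
        state = dict(session_state)  # private copy, bound to this run only
        await asyncio.sleep(0)
        self.store[session_id] = state

async def drive(agent, users=20):
    # Constructed workload: one concurrent run per user, each with its own session.
    runs = (agent.arun(f"s{i}", {"owner": f"user{i}"}) for i in range(users))
    await asyncio.gather(*runs)
    return agent.store

def misassigned(store):
    """Session ids whose persisted state belongs to a different user."""
    return sorted(sid for sid, st in store.items() if st["owner"] != "user" + sid[1:])

def run_demo():
    racy = asyncio.run(drive(SharedStateAgent()))
    safe = asyncio.run(drive(PerRunStateAgent()))
    return misassigned(racy), misassigned(safe)

if __name__ == "__main__":
    racy, safe = run_demo()
    print(f"shared-instance state: {len(racy)} sessions hold another user's state")
    print(f"per-run state:         {len(safe)} sessions hold another user's state")
```

The same `misassigned` comparison, run against a real session store after a concurrent load test, is a quick regression check once the upgrade to 2.2.2 is in place.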
CVSS Score
7.1 (HIGH)
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-64168?
CVE-2025-64168 is a vulnerability with a CVSS score of 7.1 (HIGH). Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition...
How severe is CVE-2025-64168?
CVE-2025-64168 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-64168?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.