CVE-2025-64168
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-31

Last updated on: 2025-11-04

Assigner: GitHub, Inc.

Description
Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-31
Last Modified
2025-11-04
Generated
2026-06-16
AI Q&A
2025-11-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64168
EUVD
EUVD-2025-37370
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
agno agno 2.0.0
agno agno 2.2.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-668 The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-64168 is a race condition vulnerability in the Python package 'agno' versions 2.0.0 to before 2.2.2. Under high concurrency, when the session_state object is passed to Agent or Team components during run or arun calls, the session_state can be incorrectly assigned and persisted to the wrong user session. This means that data from one user's session could be exposed to another user, violating confidentiality. The issue arises due to improper synchronization of concurrent execution and affects the security boundary of the application. It has been fixed in version 2.2.2. [1]

Impact Analysis

This vulnerability can lead to exposure of one user's session data to another user, compromising confidentiality. An attacker could potentially access sensitive information from other users' sessions. The impact is high on confidentiality, low on integrity, and none on availability. It requires network access and low privileges but has high attack complexity. This could result in unauthorized data disclosure and privacy breaches. [1]

Compliance Impact

This vulnerability can negatively affect compliance with data protection standards and regulations such as GDPR and HIPAA because it can lead to unauthorized exposure of personal or sensitive user data between sessions. Such data breaches violate confidentiality requirements mandated by these regulations, potentially resulting in legal and financial consequences for affected organizations. [1]

Detection Guidance

Detection involves identifying if your system is running a vulnerable version of the agno package (versions >2.0.0 and <2.2.2). You can check the installed version using the command `pip show agno` or `pip list | grep agno`. Since the vulnerability occurs under high concurrency during run or arun calls with session_state, monitoring logs or application behavior for session data leakage or race conditions may help, but no specific detection commands are provided. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the agno package to version 2.2.2 or later using the command `pip install -U agno`. This patch resolves the race condition causing session_state to be assigned incorrectly and prevents user data exposure. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64168. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart