CVE-2025-69602
BaseFortify
Publication date: 2026-01-28
Last updated on: 2026-02-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| altumcode | 66biolinks | 62.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a session fixation issue in 66biolinks v62.0.0 by AltumCode. The application fails to regenerate the session identifier after a user successfully logs in, causing the same session cookie to be reused for users logging in from the same browser. This allows an attacker who can set or predict a session ID to hijack an authenticated session.
How can this vulnerability impact me? :
An attacker who can set or predict a session ID can hijack an authenticated session, potentially gaining unauthorized access to a user's account and sensitive information within the application.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this session fixation vulnerability, ensure that the application regenerates the session identifier after successful authentication. This prevents reuse of the same session cookie value and reduces the risk of session hijacking.