CVE-2025-10228 - Vulnerability Details - OpenCVE

Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.This issue affects Agentis: before 4.44.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Rolantis Information Technologies	Agentis

No data.

No data.

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-25-0336

History

Mon, 20 Oct 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Rolantis Information Technologies Rolantis Information Technologies agentis
Vendors & Products		Rolantis Information Technologies Rolantis Information Technologies agentis

Tue, 14 Oct 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 14 Oct 2025 09:30:00 +0000

Type	Values Removed	Values Added
Description		Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.This issue affects Agentis: before 4.44.
Title		Session Hijacking in Rolantis Information Technologies' Agentis
Weaknesses		CWE-384
References		https://www.usom.gov.tr/bildirim/tr-25-0336
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2025-10-14T09:20:38.638Z

Updated: 2025-10-14T15:30:57.503Z

Reserved: 2025-09-10T12:39:19.402Z

Link: CVE-2025-10228

Vulnrichment

Updated: 2025-10-14T15:30:53.611Z

NVD

Status : Awaiting Analysis

Published: 2025-10-14T10:15:35.127

Modified: 2025-10-14T19:36:29.240

Link: CVE-2025-10228

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10228", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2025-09-10T12:39:19.402Z", "datePublished": "2025-10-14T09:20:38.638Z", "dateUpdated": "2025-10-14T15:30:57.503Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Agentis", "vendor": "Rolantis Information Technologies", "versions": [{"lessThan": "4.44", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Onurcan GEN\u00c7"}], "datePublic": "2025-10-14T09:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.<p>This issue affects Agentis: before 4.44.</p>"}], "value": "Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.This issue affects Agentis: before 4.44."}], "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593 Session Hijacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-384", "description": "CWE-384 Session Fixation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-14T09:20:38.638Z"}, "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0336"}], "source": {"advisory": "TR-25-0336", "defect": ["TR-25-0336"], "discovery": "UNKNOWN"}, "title": "Session Hijacking in Rolantis Information Technologies' Agentis", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T15:30:48.180825Z", "id": "CVE-2025-10228", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T15:30:57.503Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10228", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T15:30:48.180825Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T15:30:53.611Z"}}], "cna": {"title": "Session Hijacking in Rolantis Information Technologies' Agentis", "source": {"defect": ["TR-25-0336"], "advisory": "TR-25-0336", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Onurcan GEN\u00c7"}], "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593 Session Hijacking"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rolantis Information Technologies", "product": "Agentis", "versions": [{"status": "affected", "version": "0", "lessThan": "4.44", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-10-14T09:16:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-25-0336"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.This issue affects Agentis: before 4.44.", "supportingMedia": [{"type": "text/html", "value": "Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.<p>This issue affects Agentis: before 4.44.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-384", "description": "CWE-384 Session Fixation"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2025-10-14T09:20:38.638Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10228", "state": "PUBLISHED", "dateUpdated": "2025-10-14T15:30:57.503Z", "dateReserved": "2025-09-10T12:39:19.402Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2025-10-14T09:20:38.638Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.1"}