CVE-2025-69602

{"id": "CVE-2025-69602", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2026-01-28T19:16:24.017", "references": [{"url": "https://gist.github.com/Waqar-Arain/c8117308325a91b8f3b7829646915275", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from the same browser, allowing an attacker who can set or predict a session ID to potentially hijack an authenticated session."}, {"lang": "es", "value": "Una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n existe en 66biolinks v62.0.0 de AltumCode, donde la aplicaci\u00f3n no regenera el identificador de sesi\u00f3n despu\u00e9s de una autenticaci\u00f3n exitosa. Como resultado, el mismo valor de cookie de sesi\u00f3n se reutiliza para los usuarios que inician sesi\u00f3n desde el mismo navegador, permitiendo a un atacante que puede establecer o predecir un ID de sesi\u00f3n potencialmente secuestrar una sesi\u00f3n autenticada."}], "lastModified": "2026-02-09T17:24:55.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:altumcode:66biolinks:62.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DE8E70F-E370-40E7-972E-461E17C2F91C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}