CVE-2025-64100
CKAN (open-source data management system) is vulnerable to session fixation prior to versions 2.10.9 and 2.11.4 when server-side session storage is configured (CKAN uses cookie-based storage by default). An attacker could fix a victim's session ID by setting a cookie or stealing a valid session. ...