Is ckan affected by CVE-2025-64100?

PyPI ckan is affected in >=2.10.0 =2.11.0 <2.11.4.

Is CVE-2025-64100 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

medium

CVE-2025-64100

Q: Is CVE-2025-64100 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

PyPI · ckan

Summary

CKAN vulnerable to fixed session IDs

Severity: medium
EPSS: 0.2% (p15)
Also known as: GHSA-2hvh-cw5c-8q8q
Published: 2025-10-29

References

https://github.com/ckan/ckan/security/advisories/GHSA-2hvh-cw5c-8q8q
https://nvd.nist.gov/vuln/detail/CVE-2025-64100
https://github.com/ckan/ckan/commit/c2fe437f88be850a6edf7a32470772428819fab5

Related advisories

CVE-2026-42031 — high · PyPI/ckan
CVE-2025-24372 — high · PyPI/ckan
CVE-2026-42032 — medium · PyPI/ckan
CVE-2026-41255 — medium · PyPI/ckan
CVE-2026-41132 — medium · PyPI/ckan
CVE-2025-54384 — medium · PyPI/ckan

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.