CVE-2025-64168
📋 TL;DR
A race condition vulnerability in Agno multi-agent framework versions 2.0.0 through 2.2.1 allows session state data to be incorrectly assigned between user sessions under high concurrency. This can expose one user's session data to another user. All deployments using affected Agno versions with session_state parameters in run/arun calls are vulnerable.
💻 Affected Systems
- Agno multi-agent framework
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Sensitive user data (authentication tokens, personal information, conversation history) from one session is exposed to another user, potentially leading to account takeover, data breaches, and privacy violations.
Likely Case
Intermittent session data leakage between concurrent users, causing data integrity issues and potential exposure of non-critical session information.
If Mitigated
Limited impact with proper session isolation controls and monitoring, though race conditions may still cause application errors.
🎯 Exploit Status
Exploitation requires triggering the race condition through concurrent requests and understanding the session_state parameter usage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.2
Vendor Advisory: https://github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmm
Restart Required: Yes
Instructions:
1. Update Agno to version 2.2.2 or later using pip: pip install --upgrade "agno>=2.2.2" (quote the requirement so the shell does not treat >= as an output redirection)
2. Restart all Agno services and applications
3. Verify the update with: pip show agno
🔧 Temporary Workarounds
Disable session_state parameter (applies to: all)
Avoid passing the session_state parameter to Agent or Team run/arun calls until patched.
Modify code to remove the session_state parameter from Agent/Team calls.
Limit concurrency (applies to: all)
Reduce concurrent requests to minimize the probability of hitting the race condition.
Implement rate limiting or reduce worker threads/processes.
🧯 If You Can't Patch
- Implement strict session isolation at application layer with separate session stores
- Add monitoring for session ID mismatches and anomalous session access patterns
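As an added example (not code from the advisory or from the Agno project), the following shows what the two fallback controls above look like in application code: a private state dict per session, one lock per shared agent instance so requests never overlap on it, and a post-call check that rejects any result that comes back tagged with a different session id. ToyAgent is a stand-in with an assumed run(message, session_id, session_state) signature, not Agno's API; wrap your real agent object the same way.

```python
"""Added example: application-layer session isolation and mismatch checking.
ToyAgent is a stand-in with an assumed interface, not Agno's own API."""
import copy
import logging
import threading
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass

log = logging.getLogger("session_guard")


class SessionMismatch(RuntimeError):
    """The agent answered under a session other than the one requested."""


@dataclass
class RunResult:
    session_id: str
    session_state: dict
    content: str


class ToyAgent:
    """Stand-in agent (assumed shape, not Agno). It keeps the caller's
    session_state on the instance, the kind of shared mutable attribute that
    can be handed to the wrong caller when requests overlap. misbehave=True
    forces a wrong session id so the guard's rejection path can be exercised."""

    def __init__(self, misbehave: bool = False):
        self.session_id = None
        self.session_state = None
        self._misbehave = misbehave

    def run(self, message: str, session_id: str, session_state: dict) -> RunResult:
        self.session_id = "someone-else" if self._misbehave else session_id
        self.session_state = session_state
        self.session_state["turns"] = self.session_state.get("turns", 0) + 1
        return RunResult(self.session_id, self.session_state, f"echo:{message}")


class IsolatedRunner:
    """One private state dict per session, one lock per agent instance, and a
    post-call check that the returned session id is the one we asked for."""

    def __init__(self, agent):
        self._agent = agent
        self._lock = threading.Lock()
        self._stores: dict = {}  # session_id -> that session's private state

    def run(self, message: str, session_id: str) -> RunResult:
        with self._lock:  # never let two requests share the agent instance at once
            # hand the agent a copy, so nothing it keeps can alias our store
            state = copy.deepcopy(self._stores.get(session_id, {}))
            result = self._agent.run(message, session_id=session_id, session_state=state)
            if result.session_id != session_id:
                log.error("session mismatch: requested=%s returned=%s",
                          session_id, result.session_id)
                raise SessionMismatch(f"requested {session_id}, got {result.session_id}")
            self._stores[session_id] = copy.deepcopy(result.session_state)
            return result

    def turns(self, session_id: str) -> int:
        return self._stores.get(session_id, {}).get("turns", 0)


def run_concurrently(runner: IsolatedRunner, n_sessions: int = 8, turns: int = 3) -> dict:
    """Drive n_sessions sessions in parallel threads and return
    {session_id: turns recorded for it}; None marks a session that received
    someone else's result (impossible while the guard holds)."""
    def worker(sid):
        for i in range(turns):
            result = runner.run(f"message {i}", sid)
            if result.session_id != sid:
                return sid, None
        return sid, runner.turns(sid)
    with ThreadPoolExecutor(max_workers=n_sessions) as pool:
        return dict(pool.map(worker, [f"session-{i}" for i in range(n_sessions)]))


if __name__ == "__main__":
    print(run_concurrently(IsolatedRunner(ToyAgent())))
```

The lock trades throughput for isolation; if that is too costly, give each worker its own agent instance instead of sharing one, and keep the mismatch check either way so a wrong-session result is dropped and logged rather than returned to the caller.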
🔍 How to Verify
Check if Vulnerable:
Check the Agno version: pip show agno | grep Version. If the version is between 2.0.0 and 2.2.1 inclusive and the code passes the session_state parameter, the system is vulnerable.
Check Version:
pip show agno | grep Version
Verify Fix Applied:
Confirm version is 2.2.2 or higher: pip show agno | grep Version. Test with concurrent requests using session_state to ensure no data leakage.
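As an added check script (not from the advisory or the Agno project), this reads the installed agno version through importlib.metadata, compares it against the 2.0.0 through 2.2.1 range stated above, and scans a project tree for call sites that pass session_state=. The minimal version parser is written here and ignores pre-release and post-release suffixes, so verify pre-release builds by hand.

```python
"""Added example: assess exposure to CVE-2025-64168 from the installed agno
version and from call sites that pass session_state=. Not from the advisory or
the Agno project; the version parser below is a minimal one written here."""
import re
from importlib import metadata
from pathlib import Path
from typing import List, Optional, Tuple

AFFECTED_MIN = (2, 0, 0)   # first affected release, per the advisory
FIXED = (2, 2, 2)          # first fixed release, per the advisory

# keyword argument 'session_state=' but not a comparison 'session_state =='
SESSION_STATE_KWARG = re.compile(r"\bsession_state\s*=(?!=)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Leading dotted integers of a version string, padded to three parts.
    Suffixes such as rc1 or .post1 are ignored, so 2.2.2rc1 counts as 2.2.2;
    check pre-release builds manually."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_affected_version(version: str) -> bool:
    """True for 2.0.0 <= version < 2.2.2."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def installed_agno_version() -> Optional[str]:
    """Version string of the installed agno distribution, or None."""
    try:
        return metadata.version("agno")
    except metadata.PackageNotFoundError:
        return None


def session_state_call_sites(root: str) -> List[str]:
    """Python files under root that pass session_state= somewhere."""
    hits = []
    for path in Path(root).rglob("*.py"):
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        if SESSION_STATE_KWARG.search(text):
            hits.append(str(path))
    return sorted(hits)


def assess(version: Optional[str], call_sites: List[str]) -> str:
    """Combine the two signals into the verdict the advisory describes."""
    if version is None:
        return "agno not installed"
    if not is_affected_version(version):
        return f"agno {version}: not in affected range"
    if not call_sites:
        return f"agno {version}: affected version, but no session_state= call sites found"
    return f"agno {version}: VULNERABLE, session_state= passed in {len(call_sites)} file(s)"


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(assess(installed_agno_version(), session_state_call_sites(root)))
```

Run it from the root of the application source (python check_agno.py /path/to/app); the file scan is a plain text match, so it also reports session_state= inside comments or strings, which is the safe direction for a triage script.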
📡 Detection & Monitoring
Log Indicators:
- Multiple concurrent requests with session_state parameter
- Session ID mismatches in application logs
- Unexpected session data access patterns
Network Indicators:
- High concurrent requests to Agno endpoints with session parameters
- Unusual session switching patterns
SIEM Query:
source="agno_logs" AND ("session_state" OR "concurrent") | stats count by session_id, user_id
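An added detection example (not part of this page or of the Agno project) that turns the log indicators above into checks over constructed log lines: a run whose end record carries a different session_id than its start record, a session_id seen under more than one user_id, and the peak number of overlapping session_state runs. The key=value line format and the SAMPLE_LOGS content are assumptions made for the example; adapt parse_line to your application's log format.

```python
"""Added example: session-mismatch and concurrency detection over application
logs. The log format (ISO timestamp followed by key=value fields) and the
SAMPLE_LOGS lines are constructed for this example, not taken from Agno."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Optional

# Constructed sample: r1 starts under s1 but ends under s2 (cross-session leak),
# and s1 is later used by a second user u9. r1..r3 overlap in time.
SAMPLE_LOGS = """\
2025-11-20T10:00:00.000Z event=run.start request_id=r1 user_id=u1 session_id=s1 session_state=yes
2025-11-20T10:00:00.020Z event=run.start request_id=r2 user_id=u2 session_id=s2 session_state=yes
2025-11-20T10:00:00.050Z event=run.start request_id=r3 user_id=u3 session_id=s3 session_state=yes
2025-11-20T10:00:00.400Z event=run.end request_id=r1 user_id=u1 session_id=s2
2025-11-20T10:00:00.450Z event=run.end request_id=r2 user_id=u2 session_id=s2
2025-11-20T10:00:00.500Z event=run.end request_id=r3 user_id=u3 session_id=s3
2025-11-20T10:00:01.000Z event=run.start request_id=r4 user_id=u9 session_id=s1 session_state=yes
2025-11-20T10:00:01.300Z event=run.end request_id=r4 user_id=u9 session_id=s1
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """One log line -> dict of fields with 'ts' as an aware datetime, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, object] = {}
    for token in m.group("kv").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    try:
        fields["ts"] = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    except ValueError:
        return None
    return fields


def analyse(text: str) -> dict:
    """Evaluate the three indicators over a block of log text."""
    starts, ends = {}, {}
    users_by_session = defaultdict(set)
    for raw in text.splitlines():
        f = parse_line(raw)
        if not f or "request_id" not in f:
            continue
        if f.get("event") == "run.start":
            starts[f["request_id"]] = f
            users_by_session[f.get("session_id", "")].add(f.get("user_id", ""))
        elif f.get("event") == "run.end":
            ends[f["request_id"]] = f

    # Indicator 1: the run came back under a different session than it started
    mismatches = sorted(
        rid for rid, s in starts.items()
        if rid in ends and ends[rid].get("session_id") != s.get("session_id")
    )
    # Indicator 2: one session id served to more than one user
    shared_sessions = {sid: sorted(users) for sid, users in users_by_session.items()
                       if len(users) > 1}
    # Indicator 3: peak number of session_state runs in flight at the same instant
    edges = []
    for rid, s in starts.items():
        if s.get("session_state") == "yes" and rid in ends:
            edges.append((s["ts"], +1))
            edges.append((ends[rid]["ts"], -1))
    edges.sort()  # on equal timestamps the -1 (end) sorts before the +1 (start)
    peak = current = 0
    for _, delta in edges:
        current += delta
        peak = max(peak, current)
    return {"mismatches": mismatches, "shared_sessions": shared_sessions,
            "peak_concurrency": peak}


if __name__ == "__main__":
    print(analyse(SAMPLE_LOGS))
```

The mismatch check is the strong signal; a session id under two user ids and a high in-flight count are supporting indicators, so if your application legitimately shares sessions between users, drop the second check rather than alert on it.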