syslink Software AG Avantra Insufficient Session Expiration Vulnerability Allowing Session Replay

Vulnerability

A vulnerability exists in syslink Software AG Avantra on Linux and Windows platforms, prior to version 25.3.1, due to insufficient session expiration: session IDs remain valid longer than they should and can therefore be reused, which is commonly referred to as session replay.

Impact

Exploitation of this vulnerability could lead to unauthorized reuse of session IDs, allowing for session hijacking through session replay attacks.
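The following is an added illustration of the weakness class named above, not code from Avantra or from syslink Software AG. It contrasts a server-side session store that accepts an issued ID indefinitely (the pattern that makes replay possible) with one that enforces an idle timeout, an absolute lifetime and server-side invalidation on logout. The class names, timeouts and the user "alice" are constructed for the example; an injectable clock stands in for wall time so the behaviour can be checked deterministically.

```python
"""Session store with and without expiration (added example, not Avantra code)."""
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    created: float      # when the ID was issued
    last_seen: float    # last request that presented this ID


class NaiveSessionStore:
    """Pattern that permits replay: an issued ID is accepted forever and
    logout does nothing server-side (only the client forgets the cookie)."""

    def __init__(self, clock):
        self._clock = clock
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = Session(user, now, now)
        return sid

    def logout(self, sid):
        pass  # nothing is invalidated on the server

    def lookup(self, sid):
        s = self._sessions.get(sid)
        return s.user if s else None


class ExpiringSessionStore:
    """Hardened pattern: idle timeout, absolute lifetime and invalidation on
    logout, so a previously captured ID stops working."""

    def __init__(self, clock, idle_timeout=15 * 60, absolute_timeout=8 * 3600):
        self._clock = clock
        self._idle = idle_timeout          # seconds without a request
        self._absolute = absolute_timeout  # seconds since the ID was issued
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = Session(user, now, now)
        return sid

    def logout(self, sid):
        self._sessions.pop(sid, None)  # the ID is gone server-side

    def lookup(self, sid):
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > self._idle or now - s.created > self._absolute:
            del self._sessions[sid]    # expired: drop it and reject the request
            return None
        s.last_seen = now
        return s.user


class FakeClock:
    """Constructed clock so expiry can be exercised without waiting."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def replay_after_logout(store_cls):
    """Present the ID a minute after logout; returns the user if replay works."""
    clock = FakeClock()
    store = store_cls(clock)
    sid = store.create("alice")
    store.logout(sid)
    clock.advance(60)
    return store.lookup(sid)


def replay_after_idle(store_cls, idle_seconds):
    """Present the ID after a period of inactivity."""
    clock = FakeClock()
    store = store_cls(clock)
    sid = store.create("alice")
    clock.advance(idle_seconds)
    return store.lookup(sid)


def replay_with_activity(store_cls, total_seconds, step_seconds):
    """Keep the session active every step; absolute lifetime must still end it."""
    clock = FakeClock()
    store = store_cls(clock)
    sid = store.create("alice")
    result = store.lookup(sid)
    elapsed = 0
    while elapsed < total_seconds:
        clock.advance(step_seconds)
        elapsed += step_seconds
        result = store.lookup(sid)
    return result


if __name__ == "__main__":
    for cls in (NaiveSessionStore, ExpiringSessionStore):
        print(cls.__name__, replay_after_logout(cls), replay_after_idle(cls, 16 * 60),
              replay_with_activity(cls, 9 * 3600, 600))
```

With the naive store every replay succeeds; with the expiring store the ID is rejected after logout, after 16 minutes of inactivity, and after the 8 hour absolute lifetime even when the session is kept busy. The session ID itself is generated with `secrets.token_urlsafe` in both stores, which shows that expiration is a separate property from ID unpredictability.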

Remediation

Users are advised to upgrade to version 25.3.1 or above. For those on version 25.1.x or earlier, disable the Web.http-server option in the Avantra Master settings and restart the Master. If on version 25.2.1 through 25.3.0, the Web.http-server toggle is unavailable; instead, firewall port 9058 or redirect the Web.http-port to a blocked port, then restart the Master. Users on version 25.3.1 or above need not take any action.

Added: May 26, 2026, 9:29 PM
Updated: May 26, 2026, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.4
remediation: 0.0
relevance: 9.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.