CVE Alert: CVE-2025-10228 – Rolantis Information Technologies – Agentis

CVE-2025-10228

HIGH · No exploitation known

Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking. This issue affects Agentis: before 4.44.

CVSS v3.1 (8.8)
AV NETWORK · AC LOW · PR NONE · UI REQUIRED · S UNCHANGED
Vendor
Rolantis Information Technologies
Product
Agentis
Versions
< 4.44 (all releases before 4.44)
CWE
CWE-384 Session Fixation
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published
2025-10-14T09:20:38.638Z
Updated
2025-10-14T15:30:57.503Z

AI Summary Analysis

Risk verdict

High risk of session hijacking in Agentis before 4.44. Exploitation needs no privileges but does require the victim to interact with attacker-supplied content, and there are no confirmed reports of active exploitation in the current signals.

Why this matters

Session fixation lets an attacker choose or learn a session identifier before the victim logs in. If the application keeps that identifier across authentication instead of issuing a fresh one, the attacker ends up holding a valid authenticated session for the victim's account without ever capturing credentials, and the access persists until the session is invalidated. Because the vector is network-reachable with no privileges required, and the rated impact on confidentiality, integrity and availability is high, the business impact is significant even though the attacker starts with no foothold.

Most likely attack path

The classic session fixation path applies: the attacker obtains a valid pre-authentication session identifier from Agentis and plants it in the victim's client, typically through a crafted link or other content the user must act on (the UI:R component of the vector). When the victim then authenticates, the application keeps the attacker-known identifier rather than rotating it, so the attacker's copy is now an authenticated session for the victim's account. No prior privileges are needed; from there the attacker acts with the victim's rights, which means data access and, depending on what that account can reach, onward movement within the affected environment. The advisory does not state how the identifier is delivered in Agentis, so treat any link-based login flow as a candidate.

Who is most exposed

Organisations running Agentis before 4.44 with its login interface reachable over the network, especially internet-facing deployments and those where users routinely reach Agentis by following links from email or chat (the user-interaction step). Long-lived sessions and lax cookie handling raise the risk because a fixed session stays usable for longer, and mixed VDI and endpoint deployments where one user legitimately holds several concurrent sessions make a hijacked session harder to notice.

Detection ideas

  • A session identifier that is presented before authentication and is still in use after the user logs in: the application did not rotate it, which is the precondition for fixation.
  • Session identifiers arriving in URL query parameters, or cookies set by something other than the server's own issuance.
  • The same authenticated session identifier used from two or more source IPs or user agents within a short window.
  • Several concurrent authenticated sessions for one user, or an unexpected logout followed by an immediate re-login.
  • Login requests or redirects to the login page that originate from external referrers or directly follow a click on a link.
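As an added illustration of these detection ideas (example code written for this page, not tooling from Rolantis or from the advisory), the following Python runs three of the checks above over a handful of constructed web-server log lines. The log format (timestamp, client IP, method, path, session id, authenticated user), the IP addresses and the session ids are assumptions made for the example; real Agentis logs will differ and the parser would need adjusting.

```python
"""Session fixation indicators over access logs (added example, constructed data)."""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed log: fields are ts ip method path sid=<session id> user=<user or ->.
# 203.0.113.7 is the attacker, 198.51.100.4 the victim "alice"; bob is a benign
# user whose session id is rotated on login (pre77 -> new88).
SAMPLE_LOG = """\
2025-10-14T09:00:01Z 203.0.113.7 GET /login?sid=fix3d sid=fix3d user=-
2025-10-14T09:00:05Z 198.51.100.4 GET /login sid=fix3d user=-
2025-10-14T09:00:09Z 198.51.100.4 POST /login sid=fix3d user=alice
2025-10-14T09:00:20Z 203.0.113.7 GET /account sid=fix3d user=alice
2025-10-14T09:01:00Z 192.0.2.9 GET /login sid=pre77 user=-
2025-10-14T09:01:04Z 192.0.2.9 POST /login sid=pre77 user=bob
2025-10-14T09:01:05Z 192.0.2.9 GET /account sid=new88 user=bob
"""

LOGIN_PATH = "/login"  # assumed login endpoint for the hypothetical application


def parse(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, ip, method, path, sid_kv, user_kv = line.split()
    return {
        "ts": ts, "ip": ip, "method": method, "path": path,
        "sid": sid_kv.split("=", 1)[1], "user": user_kv.split("=", 1)[1],
    }


def detect(log_text: str) -> list:
    """Return (rule, session id, detail) findings for fixation indicators."""
    findings = []
    pre_auth = set()              # session ids seen while unauthenticated
    auth_ips = defaultdict(set)   # session id -> source IPs that used it authenticated
    url_sids = set()              # session ids already reported as URL-borne
    for ev in map(parse, log_text.splitlines()):
        url = urlsplit(ev["path"])
        # Rule 1: session id carried in the query string (classic fixation delivery).
        if "sid" in parse_qs(url.query) and ev["sid"] not in url_sids:
            url_sids.add(ev["sid"])
            findings.append(("sid_in_url", ev["sid"], ev["ip"]))
        if ev["user"] == "-":
            pre_auth.add(ev["sid"])
            continue
        # The login POST itself legitimately carries the pre-auth id; rotation
        # happens in its response, so only later requests count for rule 2.
        is_login_request = url.path == LOGIN_PATH
        # Rule 2: pre-auth id still used on an authenticated request after login.
        if ev["sid"] in pre_auth and not is_login_request:
            pre_auth.discard(ev["sid"])
            findings.append(("no_rotation_on_login", ev["sid"], ev["user"]))
        # Rule 3: one authenticated session id used from more than one source IP.
        auth_ips[ev["sid"]].add(ev["ip"])
        if len(auth_ips[ev["sid"]]) == 2:
            findings.append(("multi_ip_authenticated_session", ev["sid"], ev["user"]))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

Rule 2 on its own only proves the application does not rotate identifiers; it becomes a hijack indicator when it coincides with rule 3 for the same session, as it does for `fix3d` here. Bob's login produces no findings because his identifier changes from `pre77` to `new88`.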

Mitigation and prioritisation

  • Upgrade to Agentis 4.44 or later and verify the installed version on every instance, not just the primary one.
  • Enforce strict session management: issue a new session identifier on every authentication and privilege change, reject identifiers the server did not itself issue, set session cookies HttpOnly, Secure and SameSite, and enforce both idle and absolute session timeouts so a fixed session cannot be held open indefinitely.
  • Require MFA and, where the product allows it, bind sessions to device or client characteristics so that a fixed identifier alone is not enough to act as the user.
  • Validate the upgrade in a test or staging environment before broad rollout.
  • If the CVE is added to CISA KEV or its EPSS score rises, treat it as priority 1; otherwise patch promptly given the 8.8 score and the no-privileges-required network vector.
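To make the attack path and the rotate-on-login mitigation concrete, here is an added Python example built for this page: a hypothetical toy application, not Agentis code and not based on how Agentis handles sessions. The same login handler reproduces the fixation flow with rotation switched off and defeats it with rotation on. The user name, password and session ids are constructed for the example.

```python
"""Session fixation (CWE-384): vulnerable versus hardened login handler (added example)."""
from __future__ import annotations

import secrets


class ToyApp:
    """Minimal session-backed app. rotate_on_login=False keeps the pre-auth
    session id across login (the fixation weakness); True issues a fresh one."""

    def __init__(self, rotate_on_login: bool) -> None:
        self.rotate_on_login = rotate_on_login
        self.sessions: dict[str, str | None] = {}     # sid -> authenticated user, or None
        self.users = {"alice": "correct horse battery"}  # constructed test credential

    def new_session(self) -> str:
        """Issue an anonymous session id, as a first visit to the login page would."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid: str, username: str, password: str) -> str:
        """Authenticate and return the session id the client must use afterwards."""
        if sid not in self.sessions:
            # Never create a session under a client-chosen id; only server-issued ids count.
            raise KeyError("unknown session identifier")
        if self.users.get(username) != password:
            raise PermissionError("bad credentials")
        if not self.rotate_on_login:
            # Vulnerable: the victim's privileges are attached to an id the attacker may know.
            self.sessions[sid] = username
            return sid
        # Hardened: discard the pre-auth id and bind the login to a fresh one that only
        # the authenticating client receives.
        del self.sessions[sid]
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = username
        return fresh

    def whoami(self, sid: str) -> str | None:
        """User bound to a session id, or None if anonymous or unknown."""
        return self.sessions.get(sid)


def run_fixation_attack(rotate_on_login: bool) -> str | None:
    """Replay the classic fixation flow and return what the attacker sees afterwards."""
    app = ToyApp(rotate_on_login)
    attacker_sid = app.new_session()   # 1. attacker obtains a valid anonymous session id
    victim_sid = attacker_sid          # 2. and plants it in the victim's client (the UI:R step)
    victim_sid = app.login(victim_sid, "alice", "correct horse battery")  # 3. victim logs in
    assert app.whoami(victim_sid) == "alice"   # the victim is logged in either way
    return app.whoami(attacker_sid)    # 4. attacker reuses the id they fixed


if __name__ == "__main__":
    print("vulnerable:", run_fixation_attack(rotate_on_login=False))  # attacker sees "alice"
    print("hardened:  ", run_fixation_attack(rotate_on_login=True))   # attacker sees None
```

The `KeyError` branch is the second half of the fix: a server that creates sessions under whatever identifier the client presents lets the attacker skip step 1 entirely and choose the id in advance. Rotation on login closes the hole even when that check is missing, which is why it is the control to verify first.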
