High severity7.1OSV Advisory· Published Oct 31, 2025· Updated Apr 15, 2026

CVE-2025-64168

Description

Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
agnoPyPI	>= 2.0.0, < 2.2.2	2.2.2

Affected products

Agno Agi/AgnoOSV
Range: v2.0.0, v2.0.1, v2.0.10, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-vw84-hprm-cxmmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-64168ghsaADVISORY
github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmmnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000