Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay).
This issue affects Avantra: before 25.3.1.
AnalysisAI
Session replay weakness in syslink software AG's Avantra monitoring platform (versions before 25.3.1) on Linux and Windows allows remote attackers to reuse captured session identifiers because sessions are not properly expired. With CVSS 9.6 and scope change, an attacker who obtains a valid session ID can impersonate users and pivot into systems Avantra manages; no public exploit identified at time of analysis.
Technical ContextAI
Avantra is an SAP-focused IT operations and monitoring platform that orchestrates and surveils production landscapes, so its web session tokens grant privileged visibility and control into managed estates. The root cause is CWE-613 (Insufficient Session Expiration): once a session ID is issued, the server continues to honor it past the point where it should have been invalidated (e.g., after logout, timeout, or credential change), enabling session replay. The affected CPE is cpe:2.3:a:syslink_software_ag:avantra:*:*:*:*:*:*:*:* and the issue spans both Linux and Windows deployments of the same web application stack.
RemediationAI
Upgrade Avantra to version 25.3.1 or later, which is the vendor-released patch addressing the session expiration flaw, as documented at https://support.avantra.com/hc/en-us/articles/5533929912351. Until the upgrade is applied, restrict network reachability of the Avantra web interface to a management VLAN or VPN to limit who can capture and replay session tokens; force a global session/cookie reset and instruct users to log out and back in (with the side effect of disrupting active monitoring workflows briefly); and shorten any administratively configurable session timeout values, accepting the trade-off of more frequent re-authentication. Monitor authentication and session logs for the same session ID being used from multiple source IPs or after logout events, which is the primary indicator of replay abuse.
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31435
GHSA-rvw7-wx4g-rq78