SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode is stored within the session cookie, an attacker who intercepts or obtains a user's encrypted session cookie (e.g., via session hijacking) can locally decrypt it using the public key. Once decrypted, the attacker can retrieve the AccessAuthCode in plain text and use it to authenticate or take over the session.

Basic Information

ID CVE-2025-68948

Source GitHub_M

Published Dec 27, 2025 at 00:21

Affected Product

Vendor siyuan-note

Product siyuan

Version <= 3.5.1

Affected Versions siyuan-note siyuan <= 3.5.1

CWE Classification

CWE-321

References

github.com /siyuan-note/siyuan/security/advisories/GHSA-f7ph-rc3w-qp28

{
    "lastseen": "",
    "description": "SiYuan is self-hosted, open source personal knowledge management software. In versions 3.5.1 and prior, the SiYuan Note application utilizes a hardcoded cryptographic secret for its session store. This unsafe practice renders the session encryption ineffective. Since the sensitive AccessAuthCode is stored within the session cookie, an attacker who intercepts or obtains a user's encrypted session cookie (e.g., via session hijacking) can locally decrypt it using the public key. Once decrypted, the attacker can retrieve the AccessAuthCode in plain text and use it to authenticate or take over the session.",
    "published": "2025-12-27T00:21:31.864Z",
    "modified": "2025-12-27T00:21:31.864Z",
    "type": "cve",
    "title": "SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret",
    "source": "GitHub_M",
    "references": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f7ph-rc3w-qp28",
    "id": "CVE-2025-68948",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321"
    ],
    "cvelist": null,
    "sourceData": "siyuan-note siyuan <= 3.5.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "siyuan",
    "version": "<= 3.5.1",
    "vendor": "siyuan-note",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SiYuan: Information Disclosure and Authentication Bypass via Hardcoded Session Secret_CVE-2025-68948