CNNVD-202512-4850 Information

CNNVD ID

CNNVD-202512-4850

Related CVE

CVE-2025-68948

• CNNVD Published: 2025-12-27

Description (Chinese)

SiYuan是SiYuan开源的一个隐私至上的个人知识管理系统。 SiYuan 3.5.1及之前版本存在安全漏洞，该漏洞源于会话存储使用硬编码加密密钥，可能导致会话劫持。

Description (English)

SiYuan is an open-source, private, personal knowledge management system. SiYuan 3.5.1 and previous versions had a security loophole, which stemmed from the use of hard-coded encryption keys for the storage of sessions, which could lead to the hijacking of sessions.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

SiYuan

Published

2025-12-27

Last Modified

2026-02-24

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-f7ph-rc3w-qp28 https://access.redhat.com/security/cve/cve-2025-68948

Patch

https://github.com/siyuan-note/siyuan/releases