CVE-2025-64168: 
Python vulnerability analysis and mitigation

CVE-2025-64168 affects Agno, a multi-agent framework, runtime and control plane, versions 2.0.0 to 2.2.2. The vulnerability was discovered and disclosed on October 31, 2025. The issue involves a race condition that occurs during high concurrency scenarios when session_state is passed to Agent or Team components during run or arun calls (GitHub Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (High), with a vector string of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N. The issue is classified under CWE-362 (Race Condition) and CWE-668 (Exposure of Resource to Wrong Sphere). The root cause is insufficient synchronization of shared resources during concurrent execution, specifically involving shared instance variables used for storing tool definitions (Miggo, GitHub Advisory).

When exploited, this vulnerability can cause session_state to be assigned and persisted to incorrect sessions, potentially exposing user data from one session to another user. This creates a significant privacy concern as sensitive information could be leaked between different users' sessions (GitHub Advisory, Miggo).

The vulnerability has been patched in version 2.2.2 of Agno. Users are advised to upgrade to this version using the command 'pip install -U agno'. The fix involves refactoring the tool handling logic to process tools as local variables within the scope of each run or arun call, rather than storing them in shared instance variables (GitHub Advisory).