How severe is CVE-2025-24387?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2025-24387?

This is classified as CWE-1275, which is a common weakness in software security.

CVE-2025-24387 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * OTRS 2025.x

Related Vulnerabilities

CVE-2022-38386

MEDIUM

CVSS:5.9(Medium)

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow a...

CWE-12752022

CVE-2024-30155

MEDIUM

CVSS:5.5(Medium)

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

CWE-12752024

CVE-2024-42212

MEDIUM

CVSS:5.4(Medium)

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery (CSRF) attacks, where a malicious site could trick a user's browser into mak...

CWE-12752024

CVE-2024-6611

CRITICAL

CVSS:9.8(Critical)

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.

CWE-12752024

CVE-2022-38386

MEDIUM

CVSS:5.9(Medium)

CWE-12752022

CVE-2024-30155

MEDIUM

CVSS:5.5(Medium)

HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).

CWE-12752024