How severe is CVE-2025-24390?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2025-24390?

This is classified as CWE-614, which is a common weakness in software security.

CVE-2025-24390

MEDIUM Year: 2025

CVSS v3 Score

6.8

Medium

Weakness Type

CWE-614

View all →

Vulnerability Description

A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X

CVE-2021-27764

MEDIUM

CVSS:6.5(Medium)

Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI)

CWE-6142021

CVE-2022-24045

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All ve...

CWE-6142022

CVE-2024-35211

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, wit...

CWE-6142024

CVE-2024-47833

MEDIUM

CVSS:6.5(Medium)

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure a...

CWE-6142024