VYPR
Unrated severity · NVD Advisory · Published Mar 10, 2025 · Updated Mar 10, 2025

Missing CSRF protection

CVE-2025-24387

Description

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possibly malicious web site would send the authentication cookie, performing an unwanted read operation.

This issue affects:

  • OTRS 7.0.X
  • OTRS 8.0.X
  • OTRS 2023.X
  • OTRS 2024.X
  • OTRS 2025.x
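
A defender-side check for the condition described above, as an added example that is not part of the advisory or of OTRS: it audits `Set-Cookie` headers for the `Secure`, `HttpOnly` and `SameSite` attributes. The advisory does not name the missing attributes, so checking these three is an assumption, and the cookie name and values are constructed.

```python
# Constructed sample headers; the cookie name and value are placeholders,
# not taken from OTRS.
SAMPLE_HEADERS = [
    "Set-Cookie: SessionID=abc123; Path=/",
    "Set-Cookie: SessionID=abc123; Path=/; Secure; HttpOnly",
    "Set-Cookie: SessionID=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "Set-Cookie: SessionID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def parse_set_cookie(header):
    """Return (cookie_name, {attribute_lowercase: value or True})."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name, attrs


def audit_cookie(header):
    """List findings for one Set-Cookie header; an empty list means none."""
    _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable from page script")
    samesite = attrs.get("samesite")
    samesite = samesite.lower() if isinstance(samesite, str) else ""
    if samesite == "none":
        findings.append("SameSite=None: cookie is sent on cross-site requests")
    elif samesite not in ("lax", "strict"):
        findings.append("no valid SameSite: cross-site sending depends on "
                        "the browser default")
    return findings


if __name__ == "__main__":
    for line in SAMPLE_HEADERS:
        name, _ = parse_set_cookie(line)
        print(name, "->", audit_cookie(line) or "ok")
```
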

Affected products

  • OTRS/Otrs (2 versions): 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.x + 1 more
    • (no CPE) range: 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.x
    • (no CPE) range: 7.0.x
