Unrated severityNVD Advisory· Published Mar 10, 2025· Updated Mar 10, 2025
Missing CSRF protection
CVE-2025-24387
Description
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.
This issue affects:
- OTRS 7.0.X
- OTRS 8.0.X
- OTRS 2023.X
- OTRS 2024.X
- OTRS 2025.x
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.