CVE-2025-27453

Summary

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.

Affected Software

VendorProductVersion RangeStatus
Endress+HauserEndress+Hauser MEAC300-FNADE40 <= <=0.16.0affected
Endress+HauserEndress+Hauser MEAC300-FNADE4>=0.17.0unaffected

Weaknesses

  • CWE-1004: CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References