CVE-2025-49189

Summary

The HttpOnlyflag of the session cookie "@@" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.

Affected Software

VendorProductVersion RangeStatus
SICK AGSICK Media Server0 < 1.5affected

Weaknesses

  • CWE-1004: CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References