← Back

CVE-2025-27453

nvd nist
Published: Jul 3, 2025Modified: Jan 29, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.

Affected (1)

Endress
1 product
Meac300 Fnade4 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Meac300 Fnade4 Firmware
Up to 0.16.0
Running on/withPlatform Versions
Endress
Meac300 Fnade4
All versions

Related CWEs

CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.

References (7)

Source: psirt@sick.de
Vendor Advisory
Source: psirt@sick.de
Vendor Advisory
Source: psirt@sick.de
US Government Resource
Source: psirt@sick.de
Product
Source: psirt@sick.de
Not Applicable
Source: psirt@sick.de
Vendor Advisory
Source: psirt@sick.de
Vendor Advisory

Timeline

No history available yet.