CVE-2025-0479

HIGH Year: 2025
Weakness Type
CWE-614
View all →

Vulnerability Description

This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmissions during an HTTP session on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and compromise the targeted system.

Related Vulnerabilities

CVE-2020-27651

HIGH
CVSS:8.1(High)

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepti...

CWE-6142020

CVE-2018-25060

HIGH
CVSS:7.5(High)

A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to se...

CWE-6142018

CVE-2022-25151

HIGH
CVSS:7.5(High)

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker cou...

CWE-6142022

CVE-2022-3174

HIGH
CVSS:7.5(High)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.

CWE-6142022

CVE-2022-3251

HIGH
CVSS:7.5(High)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/minarca prior to 4.2.2.

CWE-6142022

CVE-2024-2493

HIGH
CVSS:7.5(High)

Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00.

CWE-6142024