CVE-2025-27453

5.3 MEDIUM

📋 TL;DR

This vulnerability allows client-side scripts (like JavaScript) to access the PHPSESSION cookie because the HttpOnly flag is disabled. This affects web applications that use PHP sessions without proper cookie security settings, potentially exposing session tokens to cross-site scripting (XSS) attacks.

💻 Affected Systems

Products:
  • SICK products using PHP sessions
Versions: Specific versions unknown from CVE data
Operating Systems: All platforms running affected PHP applications
Default Config Vulnerable: ⚠️ Yes
Notes: Affects PHP applications where session.cookie_httponly is set to false or not configured


⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could steal session cookies via XSS, leading to full account takeover, unauthorized access to sensitive data, and potential lateral movement within the application.

🟠 Likely Case: Session hijacking through XSS attacks where attackers capture valid session tokens to impersonate legitimate users.

🟢 If Mitigated: Limited impact if XSS vulnerabilities are already patched and other security controls like CSRF tokens are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires an existing XSS vulnerability to exploit; cookie theft is straightforward once XSS is present.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown from provided references

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

1. Apply vendor patch from SICK PSIRT.
2. Restart web server.
3. Verify HttpOnly flag is enabled in session cookies.

🔧 Temporary Workarounds

Workaround 1: Enable HttpOnly flag in PHP configuration (Applies to: all)

Configure PHP to set the HttpOnly flag on session cookies:

session.cookie_httponly = 1 in php.ini

Workaround 2: Set HttpOnly flag via session_set_cookie_params (Applies to: all)

Programmatically set the HttpOnly flag in PHP code; this call must run before session_start(), and the fourth argument (true) also sets the Secure flag, so the cookie is only sent over HTTPS:

session_set_cookie_params(0, '/', '', true, true);

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) to mitigate XSS attacks
  • Use additional session security measures like short session timeouts and IP binding

🔍 How to Verify

Check if Vulnerable:

Inspect the PHPSESSION cookie in the browser developer tools (Application/Storage tab) and check whether the HttpOnly column is unset; a session cookie without HttpOnly is vulnerable

Check Version:

php -v to check PHP version; consult vendor documentation for product versions

Verify Fix Applied:

Verify PHPSESSION cookie shows 'HttpOnly' attribute in browser developer tools after fix
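To verify the fix from a script rather than by hand in developer tools, here is an added example (not from the advisory or from SICK) that parses a response's Set-Cookie headers and reports which hardening attributes the session cookie lacks. The cookie name PHPSESSION, the sample headers and the fetch helper are assumptions; it also reports Secure and SameSite, which goes beyond the HttpOnly issue this CVE covers.

```python
import urllib.request

# Attributes a hardened session cookie should carry; HttpOnly is the one
# CVE-2025-27453 concerns, Secure and SameSite are added for completeness.
REQUIRED_ATTRS = ("httponly", "secure", "samesite")


def parse_set_cookie(header_value):
    """Split one Set-Cookie header into (name, value, {attribute: value}).

    Attribute names are lowercased because they are case-insensitive (HttpOnly, httponly, ...)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_session_cookie(set_cookie_headers, session_cookie="PHPSESSION"):
    """Return the required attributes missing from the session cookie (empty list
    when hardened), or None if the response never sets that cookie."""
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if name == session_cookie:
            return [a for a in REQUIRED_ATTRS if a not in attrs]
    return None


def fetch_set_cookie_headers(url):
    """Collect every Set-Cookie header from a GET to a host you operate (assumed helper)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.headers.get_all("Set-Cookie") or []


# Constructed sample responses (not real captures): the vulnerable default and the fixed one.
VULNERABLE = ["PHPSESSION=abc123; path=/"]
FIXED = ["PHPSESSION=abc123; path=/; Secure; HttpOnly; SameSite=Lax", "lang=en; path=/"]

if __name__ == "__main__":
    for label, headers in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, "missing attributes:", audit_session_cookie(headers))
```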

📡 Detection & Monitoring

Log Indicators:

  • Multiple session creations from same user in short time
  • Session IDs appearing in client-side error logs

Network Indicators:

  • Unexpected JavaScript making document.cookie calls
  • Session tokens transmitted in cleartext

SIEM Query:

source="web_logs" AND (cookie="PHPSESSION" AND NOT http_only)
