What is the CVSS score of CVE-2025-24387?

CVE-2025-24387 has a CVSS 3.1 base score of 4.8 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Suse are affected by CVE-2025-24387?

Organizations using A vulnerability in OTRS Application Server should be aware of moderate risk from CVE-2025-24387 rated CVSS 4.8. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-24387?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Suse CVE-2025-24387

MEDIUM

Sensitive Cookie with Improper SameSite Attribute (CWE-1275)

2025-03-10 security@otrs.com

Information Disclosure Suse

4.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:50 vuln.today

CVE Published

Mar 10, 2025 - 10:15 nvd

MEDIUM 4.8

DescriptionNVD

A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.

This issue affects:

OTRS 7.0.X
OTRS 8.0.X
OTRS 2023.X
OTRS 2024.X
OTRS 2025.x

AnalysisAI

Technical ContextAI

Affects OTRS Application Server. A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation.

This issue affects:

OTRS 7.0.X
OTRS 8.0.X
OTRS 2023.X
OTRS 2024.X
OTRS 2025.x

Affected ProductsAI

Product: OTRS Application Server.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2025-24387 vulnerability details – vuln.today

Back