7.7

CVE-2025-66035

Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerSiemens
Produkt RUGGEDCOM RST2428P
Default Statusunknown
Version 0
Version < V4.0
Status affected
HerstellerSiemens
Produkt SIDIS Prime
Default Statusunknown
Version 0
Version < V4.0.800
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.57% 0.429
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 7.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-201 Insertion of Sensitive Information Into Sent Data

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
https://github.com/angular/angular/releases/tag/19.2.16
https://github.com/angular/angular/releases/tag/20.3.14
https://github.com/angular/angular/releases/tag/21.0.1
https://cert-portal.siemens.com/productcert/html/ssa-485750.html
https://cert-portal.siemens.com/productcert/html/ssa-253495.html