CVE-2025-22493

Published Mar 5, 2025

Last updated a month ago

Overview

Description
The Secure flag was not set and SameSite was set to Lax in the Foreseer Reporting Software (FRS). Absence of the Secure flag could lead to the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS, v1.5.100.
Source
CybersecurityCOE@eaton.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.6
Impact score
4.7
Exploitability score
0.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Severity
MEDIUM

Weaknesses

CybersecurityCOE@eaton.com
CWE-319
