PT-2025-1321 · Otrs · Otrs

Alissa Kim · Published 2025-01-21 · Updated 2025-01-27 · CVE-2025-24390

CVSS v4.0: 7.4 (High)
Vector: AV:N/AC:H/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/R:A/RE:L/U:Clear
Name of the Vulnerable Software and Affected Versions
OTRS versions 7.0.X through 8.0.X
OTRS versions 2023.X through 2024.X

Description
The vulnerability lies in the OTRS Application Server and reverse proxy settings: in HTTPS sessions, sensitive cookies are set without the attributes that should protect them, which can enable a remote attacker to hijack user sessions.

Recommendations
For OTRS versions 7.0.X, update the reverse proxy settings to include the necessary attributes for sensitive cookie settings. For OTRS versions 8.0.X, ensure that the HTTPS sessions have the correct attributes set for sensitive cookies. For OTRS versions 2023.X and 2024.X, apply the recommended configuration changes to the reverse proxy settings to mitigate the issue. As a temporary workaround, consider restricting access to sensitive areas of the application until the issue is fully resolved.
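A practical way to verify the recommendation above is to audit the Set-Cookie headers the OTRS front end (or the reverse proxy in front of it) actually returns over HTTPS. The following is an added example, not code from the advisory or from OTRS; it assumes the attributes in question are Secure and HttpOnly (required) and SameSite (recommended), which the advisory does not name explicitly, and the sample headers and cookie names are constructed placeholders, not OTRS's real cookie names.

```python
from __future__ import annotations

from dataclasses import dataclass

# Attributes a session cookie served over HTTPS should carry. The advisory text does
# not name the missing attributes; Secure and HttpOnly (required) and SameSite
# (recommended) are the usual set and are an assumption of this example.
REQUIRED = ("secure", "httponly")
RECOMMENDED = ("samesite",)


@dataclass
class CookieAudit:
    name: str
    attributes: dict[str, str | None]
    missing_required: list[str]
    missing_recommended: list[str]
    problems: list[str]

    @property
    def ok(self) -> bool:
        return not self.missing_required and not self.problems


def parse_set_cookie(value: str) -> tuple[str, dict[str, str | None]]:
    """Split a Set-Cookie value into the cookie name and a lower-cased attribute map."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: dict[str, str | None] = {}
    for part in parts[1:]:
        if not part:
            continue
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            # Flag attributes such as Secure and HttpOnly have no value
            attrs[part.lower()] = None
    return name, attrs


def audit_set_cookie(value: str) -> CookieAudit:
    """Report which hardening attributes a single Set-Cookie header lacks."""
    name, attrs = parse_set_cookie(value)
    missing_required = [a for a in REQUIRED if a not in attrs]
    missing_recommended = [a for a in RECOMMENDED if a not in attrs]
    problems: list[str] = []
    samesite = attrs.get("samesite")
    if samesite is not None and samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None unless Secure is also present
        problems.append("SameSite=None requires Secure")
    return CookieAudit(name, attrs, missing_required, missing_recommended, problems)


def audit_response(headers: list[tuple[str, str]]) -> dict[str, CookieAudit]:
    """Audit every Set-Cookie header in a (header-name, value) list, keyed by cookie name."""
    results: dict[str, CookieAudit] = {}
    for hname, hvalue in headers:
        if hname.lower() == "set-cookie":
            audit = audit_set_cookie(hvalue)
            results[audit.name] = audit
    return results


# Constructed sample: headers as a TLS-terminating proxy might pass through from a
# backend that believes it is serving plain HTTP and therefore omits Secure.
# Cookie names are placeholders, not OTRS's real cookie names.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SessionID=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "Pref=light; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for cookie_name, audit in audit_response(SAMPLE_HEADERS).items():
        status = "ok" if audit.ok else "FAIL"
        missing = audit.missing_required + audit.missing_recommended
        print(f"{cookie_name}: {status} missing={missing} problems={audit.problems}")
```

Run it against a captured response from the HTTPS side of the reverse proxy, since that is what browsers see; a backend that terminates no TLS itself will often omit Secure, which is exactly the misconfiguration the reverse proxy settings are expected to correct. The advisory does not name the proxy in use; on nginx 1.19.3 or later the `proxy_cookie_flags` directive can add the missing flags at the proxy, while other proxies have their own equivalents.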

Fix


Weakness Enumeration

Related Identifiers

BDU:2025-01036
CVE-2025-24390

Affected Products

Otrs