CVE-2025-53861

Low CVSS 3.1

Overview

A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data.

CWE: CWE-319 Published: 2025-07-11T13:15:59.160

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.1 (LOW)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags