Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain

Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain

Posted on By CWS

A vital safety vulnerability has been found within the Angular framework that might enable attackers to steal delicate person safety tokens.

The vulnerability, tracked as CVE-2025-66035, impacts the Angular HttpClient and includes the unintentional leakage of Cross-Web site Request Forgery (XSRF) tokens.

Angular functions use a built-in safety mechanism to stop Cross-Web site Request Forgery (CSRF) assaults.

Angular HTTP Consumer Vulnerability

This technique works by assigning a secret “token” to a person’s session. At any time when the appliance sends a request to the server, it consists of this token to show the request is official.

The flaw lies in Angular’s dedication of whether or not a request is secure. The system checks vacation spot URLs to find out whether or not to connect this secret token.

Sadly, the logic incorrectly recognized URLs beginning with // (protocol-relative URLs) as “same-origin” or native requests.

FieldValueCVE IDCVE-2025-66035Vulnerability TypeCredential Leak / XSRF Token ExposureCVSS Score7.5 Assault VectorNetworkCWE IdentifiersCWE-201 (Insertion of Delicate Data Into Despatched Knowledge), CWE-359 (Publicity of Personal Private Data)ImpactAllows attackers to seize XSRF tokens and bypass CSRF protections to carry out unauthorized actions on behalf of victims

Suppose a developer inadvertently makes use of a protocol-relative URL (e.g., //attacker.com) in an HTTP request. In that case, Angular mistakenly treats it as a legitimate URL and sends the person’s secret XSRF token to that exterior area.

Suppose an attacker efficiently methods the appliance into sending a request to a website they management. In that case, they’ll seize the person’s legitimate XSRF token.

Cvn With this stolen key, the attacker can bypass CSRF protections solely. This permits them to carry out unauthorized actions on the sufferer’s behalf, resembling altering account settings or submitting fraudulent transactions.

The vulnerability impacts a number of variations of the framework. The next desk outlines the affected variations and the required updates.

Growth groups utilizing Angular ought to improve to the patched variations instantly to make sure their functions are safe.

If an instantaneous improve shouldn’t be attainable, a workaround is accessible. Builders should guarantee their code avoids utilizing protocol-relative URLs (beginning with //).

As a substitute, all backend requests ought to use relative paths (beginning with /) or totally certified absolute URLs (beginning with 

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Linux Malware Authors Attacking Cloud Environments Using ELF Binaries Linux Malware Authors Attacking Cloud Environments Using ELF Binaries Cyber Security News
Google Warns of Cybercriminals Increasingly Attacking US Users to Steal Login Credentials Google Warns of Cybercriminals Increasingly Attacking US Users to Steal Login Credentials Cyber Security News
HoneyMyte Hacker Group Updates CoolClient Malware to Deploy Browser Login Data Stealer HoneyMyte Hacker Group Updates CoolClient Malware to Deploy Browser Login Data Stealer Cyber Security News
Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users Cyber Security News
New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins New Phishing Kit with AI-assisted Development Attacking Microsoft Users to Steal Logins Cyber Security News
Microsoft Fixes Long-standing Windows 11 ‘Update and Shut down’ Bug Microsoft Fixes Long-standing Windows 11 ‘Update and Shut down’ Bug Cyber Security News