Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain

Posted on By CWS

A vital safety vulnerability has been found within the Angular framework that might enable attackers to steal delicate person safety tokens.

The vulnerability, tracked as CVE-2025-66035, impacts the Angular HttpClient and includes the unintentional leakage of Cross-Web site Request Forgery (XSRF) tokens.

Angular functions use a built-in safety mechanism to stop Cross-Web site Request Forgery (CSRF) assaults.

Angular HTTP Consumer Vulnerability

This technique works by assigning a secret “token” to a person’s session. At any time when the appliance sends a request to the server, it consists of this token to show the request is official.

The flaw lies in Angular’s dedication of whether or not a request is secure. The system checks vacation spot URLs to find out whether or not to connect this secret token.

Sadly, the logic incorrectly recognized URLs beginning with // (protocol-relative URLs) as “same-origin” or native requests.

FieldValueCVE IDCVE-2025-66035Vulnerability TypeCredential Leak / XSRF Token ExposureCVSS Score7.5 Assault VectorNetworkCWE IdentifiersCWE-201 (Insertion of Delicate Data Into Despatched Knowledge), CWE-359 (Publicity of Personal Private Data)ImpactAllows attackers to seize XSRF tokens and bypass CSRF protections to carry out unauthorized actions on behalf of victims

Suppose a developer inadvertently makes use of a protocol-relative URL (e.g., //attacker.com) in an HTTP request. In that case, Angular mistakenly treats it as a legitimate URL and sends the person’s secret XSRF token to that exterior area.

Suppose an attacker efficiently methods the appliance into sending a request to a website they management. In that case, they’ll seize the person’s legitimate XSRF token.

Cvn With this stolen key, the attacker can bypass CSRF protections solely. This permits them to carry out unauthorized actions on the sufferer’s behalf, resembling altering account settings or submitting fraudulent transactions.

The vulnerability impacts a number of variations of the framework. The next desk outlines the affected variations and the required updates.

Growth groups utilizing Angular ought to improve to the patched variations instantly to make sure their functions are safe.

If an instantaneous improve shouldn’t be attainable, a workaround is accessible. Builders should guarantee their code avoids utilizing protocol-relative URLs (beginning with //).

As a substitute, all backend requests ought to use relative paths (beginning with /) or totally certified absolute URLs (beginning with 

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Microsoft Defender XDR New Advanced Hunting Tables for Email and Cloud Protections Cyber Security News
Insider Threats in 2025 Detection and Prevention Strategies Cyber Security News
Hackers Exploiting SAP NetWeaver Vulnerability to Deploy Auto-Color Linux Malware Cyber Security News
Windows 11 Gets New AI-Powered Features Cyber Security News
TAG-144 Actors Attacking Government Entities With New Tactics, Techniques, and Procedures Cyber Security News
ToolShell Exploit Chain Attacking SharePoint Servers to Gain Complete Control Cyber Security News