VDB
CVE-2025-66035
CVE-2025-66035
PUBLISHED
CVSS 7.699999809265137 HIGH
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
EPSS 0.19% · 40.6th percentile
Risk Scores
CVSS 4.0
7.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
EPSS Score
0.19%
40.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| angular | angular | >= 21.0.0-next.0, < 21.0.1, >= 20.0.0-next.0, < 20.3.14, * |
| angular | common | 0, 20.0.0-next.0, 21.0.0-next.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-66035 (circl-sighting)
- CIRCL seen: CVE-2025-66035 (circl-sighting)
- CIRCL seen: CVE-2025-66035 (circl-sighting)
- CIRCL seen: CVE-2025-66035 (circl-sighting)
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37 (circl)
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f (circl)
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc (circl)
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e (circl)
- https://github.com/angular/angular/releases/tag/19.2.16 (circl)
- https://github.com/angular/angular/releases/tag/20.3.14 (circl)
…and 19 more exploits
Timeline
- Jan 21, 1970 Security Advisory
- Nov 26, 2025 CVE Published
- Nov 26, 2025 PoC Published
- Nov 27, 2025 EPSS Score
- Nov 27, 2025 Coalition ESS Score
- Nov 27, 2025 PoC Published
- Nov 27, 2025 PoC Published
- Nov 28, 2025 Coalition ESS Score
- Dec 1, 2025 Coalition ESS Score
- Dec 2, 2025 EPSS Score
- Dec 2, 2025 Coalition ESS Score
- Dec 3, 2025 Coalition ESS Score
References
- https://www.ibm.com/support/pages/node/7261959 advisory
- https://www.ibm.com/support/pages/node/7261794 advisory
- https://www.ibm.com/support/pages/node/7261890 advisory
- https://www.ibm.com/support/pages/node/7261887 advisory
- https://www.ibm.com/support/pages/node/7261935 advisory
- https://www.ibm.com/support/pages/node/7261436 advisory
- https://www.ibm.com/support/pages/node/7261774 advisory
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37 url
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f url
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc url
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e url
- https://github.com/angular/angular/releases/tag/19.2.16 url
- https://github.com/angular/angular/releases/tag/20.3.14 url
- https://github.com/angular/angular/releases/tag/21.0.1 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-66035 advisory
- https://github.com/angular/angular package
- https://www.ibm.com/support/pages/node/7270805 advisory
- https://www.ibm.com/support/pages/node/7270827 advisory
- https://www.ibm.com/support/pages/node/7270869 advisory
- https://www.ibm.com/support/pages/node/7270820 advisory
…and 4 more