CVE-2023-53957
Unknown Unknown - Not Provided
SameSite Cookie Vulnerability in Kimai 1.30.10 Enables Session Hijacking

Publication date: 2025-12-19

Last updated on: 2026-02-19

Assigner: VulnCheck

Description
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53957
EUVD
EUVD-2025-204601
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kimai kimai 1.30.10
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1275 The SameSite attribute for sensitive cookies is not set, or an insecure value is used.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can lead to session hijacking, where attackers gain unauthorized access to user accounts by stealing session cookies. This can result in attackers impersonating legitimate users, accessing sensitive information, and performing actions on behalf of the victim without their consent, posing significant security risks. [1, 3]

Detection Guidance

Detection can involve monitoring for suspicious HTTP requests that involve the malicious Update.php script or unexpected file writes such as PoC.txt on the server. Network traffic analysis tools can be used to detect cross-site requests carrying session cookies. Additionally, inspecting cookie attributes for improper SameSite settings can help identify vulnerable sessions. Specific commands are not provided in the resources, but monitoring web server logs for requests to Update.php or unexpected file creation, and using tools like Burp Suite to analyze cookie attributes and traffic, are recommended approaches. [3]

Mitigation Strategies

Immediate mitigation steps include updating Kimai to a version that fixes the SameSite cookie vulnerability, if available. In the meantime, restrict or monitor access to the Update.php script or any similar endpoints that could be exploited. Implement proper SameSite cookie attributes to prevent cookies from being sent in cross-site requests. Additionally, monitor for suspicious activity such as unexpected file creation (e.g., PoC.txt) and unauthorized session access. Employ security best practices such as using secure, HttpOnly, and SameSite cookie flags to reduce risk. [1, 3]

Compliance Impact

This vulnerability allows attackers to steal user session cookies and hijack user sessions, which can lead to unauthorized access to personal and sensitive data. Such unauthorized access and data breaches can result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding user data and ensuring session security. Therefore, the vulnerability poses a risk to compliance with these common standards and regulations by potentially exposing protected user information. [1, 3]

Executive Summary

CVE-2023-53957 is a SameSite cookie vulnerability in Kimai version 1.30.10. It occurs because the application improperly sets the SameSite attribute on session cookies, which allows attackers to steal these cookies. Attackers can trick users into executing a crafted PHP script that captures and writes the session cookie information to a file. This enables attackers to hijack user sessions and gain unauthorized access. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53957. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart