Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Kimai SameSite Cookie Vulnerability Allowing Session Hijacking

Vulnerability

A vulnerability described as a SameSite cookie weakness has been reported in Kimai version 1.30.10. It is said to allow an attacker to obtain a user's session cookie, which leads to session hijacking. The published exploitation path consists of getting a crafted PHP script into Kimai's public directory and having a victim request it; the script reads the cookies on the incoming request and writes them to a file. Note that a script running server-side reads cookies from the request it receives, and the SameSite attribute does not prevent this: SameSite only limits whether the browser attaches the cookie to cross-site requests. An attacker who can place and execute PHP in the public directory already has code execution on the server, and that access, rather than the cookie's SameSite setting, is what exposes sessions in this scenario.

Impact

Successful exploitation yields a valid session cookie, with which an attacker can impersonate the user and take over their session for as long as that session remains valid.

Reproduction

To reproduce the reported issue, log into Kimai 1.30.10 and place a PHP script named 'Update.php' in the 'public' directory. The script reads the cookies sent with the request and writes them to a file. When the script is requested by a browser holding a Kimai session, it captures the session cookie and saves it to 'PoC.txt', which can then be retrieved. This procedure requires write access to the web root, a precondition an unprivileged attacker does not normally have.

Remediation

Users are advised to upgrade to the latest Kimai release, which is stated to address this issue. Note that 1.30.9 and earlier predate the affected 1.30.10 release, so moving to those versions is not a remediation.
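After upgrading, confirm that the session cookie Kimai sets actually carries Secure, HttpOnly and an explicit SameSite value. The following Python script is an added example, not Kimai's code and not part of this advisory: it parses Set-Cookie headers and reports the attributes a session cookie is missing. The cookie name PHPSESSID and the sample headers are constructed assumptions.

```python
"""Audit Set-Cookie headers for the attributes that limit session-cookie theft.

Added example, not from Kimai or from this advisory. The session cookie name
PHPSESSID and the sample headers below are constructed for illustration.
"""
from dataclasses import dataclass, field

MISSING_SECURE = "missing Secure"
MISSING_HTTPONLY = "missing HttpOnly"
MISSING_SAMESITE = "missing SameSite"
INVALID_SAMESITE = "invalid SameSite value"
NONE_WITHOUT_SECURE = "SameSite=None without Secure"
VALID_SAMESITE = {"strict", "lax", "none"}


@dataclass
class CookieAudit:
    name: str
    attributes: dict
    findings: list = field(default_factory=list)

    @property
    def hardened(self) -> bool:
        return not self.findings


def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=value' into (name, value, {attr: value}).

    Attribute names are case-insensitive per RFC 6265, so they are lowercased;
    flag attributes such as Secure map to an empty string.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header: str) -> CookieAudit:
    """Report the attributes a session cookie should carry but does not."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(MISSING_SECURE)
    if "httponly" not in attrs:
        findings.append(MISSING_HTTPONLY)
    samesite = attrs.get("samesite", "").lower()
    if "samesite" not in attrs:
        # Chromium treats a missing SameSite as Lax; set it explicitly anyway.
        findings.append(MISSING_SAMESITE)
    elif samesite not in VALID_SAMESITE:
        findings.append(INVALID_SAMESITE)
    elif samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append(NONE_WITHOUT_SECURE)
    return CookieAudit(name, attrs, findings)


def audit_session_cookies(headers, session_name="PHPSESSID"):
    """Audit only the session cookie(s) among several Set-Cookie headers."""
    return {
        audit.name: audit.findings
        for audit in map(audit_cookie, headers)
        if audit.name == session_name
    }


# Constructed sample responses: one weak, one hardened.
WEAK_HEADERS = [
    "PHPSESSID=2f9c1e; Path=/",
    "theme=dark; Path=/",
]
HARDENED_HEADERS = [
    "PHPSESSID=2f9c1e; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_session_cookies(hdrs))
```

Feed it the Set-Cookie headers from a real login response (for example the output of curl -i against the login endpoint). Keep in mind that these attributes only constrain the browser; they do nothing against a script that executes on the server itself and reads cookies off the incoming request, which is the situation the reproduction above describes.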

Added: Dec 19, 2025, 9:20 PM
Updated: Dec 19, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 1.3
exploitability: 8.1
remediation: 0.0
relevance: 1.6
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.