Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross- origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

There are packages installed that are affected by a vulnerability referenced in the following CVE:

  - Angular is a development platform for building mobile and desktop web applications using
    TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF
    token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak
    by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to
    an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by
    checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin.
    If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and
    the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions
    19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs
    (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as
    relative paths (starting with a single /) or fully qualified, trusted absolute URLs. (CVE-2025-66035)

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Angular is a development platform for building mobile and desktop web applications using     TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF     token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak     by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to     an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by     checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin.
    If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and     the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions     19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs     (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as     relative paths (starting with a single /) or fully qualified, trusted absolute URLs. (CVE-2025-66035)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
505434	Siemens RUGGEDCOM RST2428P Insertion of Sensitive Information Into Sent Data (CVE-2025-66035)	Tenable OT Security	Tenable.ot	high
436963	SCA: security update for @angular/common (GHSA-58c5-g7wp-6w37)	Tenable Cloud Security	SCA Checks	high
436963	SCA: security update for @angular/common (GHSA-58c5-g7wp-6w37)	Tenable Self-Hosted Container Security	SCA Checks	high
276979	Linux Distros Unpatched Vulnerability : CVE-2025-66035	Nessus	Misc.	high

Detections

Analytics

CVE-2025-66035

high

Tenable Plugins

high

high

high

high