How to fix CVE-2024-10908?

Within 30 days: Identify affected systems running lm-sys/fastchat Release and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Open Redirect affected by CVE-2024-10908?

Organizations using lm-sys/fastchat Release should be aware of moderate risk from CVE-2024-10908 rated CVSS 6.1. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.

CVE-2024-10908

MEDIUM

2025-03-20 [email protected]

6.1

CVSS 3.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

PoC Detected

Jul 31, 2025 - 15:35 vuln.today

Public exploit code

CVE Published

Mar 20, 2025 - 10:15 nvd

MEDIUM 6.1

Description

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.

Analysis

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical Context

This vulnerability is classified as Open Redirect (CWE-601), which allows attackers to redirect users to malicious websites via URL manipulation. An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft. Affected products include: Lm-Sys Fastchat.

Affected Products

Lm-Sys Fastchat.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate redirect destinations against an allowlist, avoid using user input in redirect URLs.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.7

CVSS: +30

POC: +20

CVE-2024-10908 vulnerability details – vuln.today

Back

CVE-2024-10908

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2024-10908

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code