CVSS Vector (NVD)
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Description (NVD)
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.
Analysis (AI)
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. Rated medium severity (CVSS 4.8). No vendor patch available.
Technical Context (AI)
This vulnerability is classified as Open Redirect (CWE-601), which allows attackers to redirect users to malicious websites via URL manipulation. In SolarWinds Observability Self-Hosted, the URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. Affected products include: SolarWinds Observability Self-Hosted.
Remediation (AI)
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate redirect destinations against an allowlist, and avoid using user input in redirect URLs.