Open Redirect
CVE-2025-68509
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
DescriptionCVE.org
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Jeff Starr User Submitted Posts user-submitted-posts allows Phishing.This issue affects User Submitted Posts: from n/a through <= 20251121.
Analysis
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Jeff Starr User Submitted Posts user-submitted-posts allows Phishing.This issue affects User Submitted Posts: from n/a through <= 20251121.
Technical ContextAI
An open redirect vulnerability allows attackers to redirect users from a trusted domain to an arbitrary external URL through manipulation of redirect parameters. This vulnerability is classified as URL Redirection to Untrusted Site (Open Redirect) (CWE-601).
Affected ProductsAI
Affected: Jeff Starr User Submitted Posts user-submitted-posts
RemediationAI
Validate redirect URLs against a whitelist of allowed destinations. Use relative URLs for redirects. Warn users before redirecting to external sites.
More from same product – last 7 days
Host header injection in Nezha Monitoring versions 1.0.0 through 2.2.0 allows unauthenticated remote attackers to redire
Open redirect in Roxy-WI versions 8.2.6.4 and prior allows unauthenticated remote attackers to silently redirect authent
Open redirect in the Aqara IAM/SSO Gateway (gw-builder.aqara.com) allows remote unauthenticated attackers to craft Aqara
Open redirection in Password Manager exposes users to phishing attacks by failing to validate the X-Forwarded-Host HTTP
Open redirection in the Password Manager authentication system enables network-accessible, unauthenticated attackers to
Share
External POC / Exploit Code
Leaving vuln.today