CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-62253 MEDIUM
Liferay Digital Experience Platform < 7.3 and 7.4.0-7.4.3.97 - Open Redirect via GroupPagesPortlet Redirect Parameter
CVSS 6.1
CVE-2025-62981 MEDIUM
WP Gravity Forms Zoho CRM & Bigin <1.2.9 - Open Redirect
CVSS 4.7
CVE-2025-62716 HIGH
Plane < 1.1.0 - Unauthenticated Open Redirect and Cross-Site Scripting via next_path Parameter
CVSS 8.1
CVE-2025-10355 MEDIUM
MOLGENIS EMX2 <11.14.0 - Open Redirect
CVE-2025-60151 MEDIUM
WP Gravity Forms HubSpot <1.2.5 - Open Redirect
CVSS 4.7
CVE-2025-61753 MEDIUM
Oracle Scripting 12.2.3-12.2.14 - Unauthenticated Open Redirect via HTTP
CVSS 6.1
CVE-2025-62595 MEDIUM
koa 2.16.2-2.16.3 and 3.0.1-3.0.3 - Open Redirect via Referer Header Manipulation
CVSS 4.3
CVE-2025-62428 HIGH
Drawing-Captcha APP - Host Header Injection
CVE-2025-62407 MEDIUM
frappe < 14.98.0 - Open Redirect via Login Page Redirect Argument
CVSS 6.1
CVE-2025-62379 LOW
Reflex 0.5.4-0.8.14 - Open Redirect via /auth-codespace Endpoint
CVSS 3.1
CVE-2025-54196 MEDIUM
Adobe Connect < 12.9 - Open Redirect
CVSS 4.3
CVE-2025-47890 LOW
Fortinet FortiOS 6.4.0-7.6.3, FortiProxy 7.0.0-7.6.3, FortiSASE 25.2.a - Open Redirect via Crafted HTTP Requests
CVSS 2.6
CVE-2025-62361 MEDIUM
WeGIA < 3.5.0 - Open Redirect via control.php nextPage Parameter
CVSS 6.1
CVE-2025-11167 MEDIUM
CM Registration < 2.5.6 - Unauthenticated Open Redirect via redirect_url Parameter
CVSS 4.7
CVE-2025-35059 MEDIUM
Newforma Project Center < 2024.1 - Unauthenticated Open Redirect via nhl Parameter
CVSS 4.3
CVE-2025-0608 MEDIUM
Logo Cloud <2025.R6 - Open Redirect
CVSS 5.5
CVE-2025-61606 MEDIUM
WeGIA < 3.5.0 - Open Redirect via control.php nextPage Parameter
CVSS 6.1
CVE-2025-54088 MEDIUM
Absolute Secure Access < 14.10 - Open Redirect via Console
CVSS 6.1
CVE-2025-11240 HIGH
KNIME Business Hub <1.16.0 - Open Redirect
CVSS 7.2
CVE-2025-61587 MEDIUM
Weblate < 5.13.3 - Open Redirect via Redir Parameter
CVSS 6.1
CVE-2025-57879 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2025-57878 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2025-57872 MEDIUM
Esri Portal for ArcGIS <= 11.4 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2025-59426 MEDIUM
lobehub/lobe_chat < 1.130.1 - Open Redirect via X-Forwarded-Host Header
CVSS 4.3
CVE-2025-58006 MEDIUM
WP Gravity Forms Keap/Infusionsoft <1.2.4 - Open Redirect
CVSS 4.7