CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-7702 MEDIUM
Pusula Communication Information Internet Industry and Trade Ltd. C...
CVSS 4.7
CVE-2025-9084 LOW
Mattermost 10.5.0-10.5.9 - Open Redirect via OAuth Login URL
CVSS 3.1
CVE-2025-9072 HIGH
Mattermost <10.10.1-10.5.9-10.9.4 - Open Redirect
CVSS 7.6
CVE-2025-43795 MEDIUM
Liferay Portal 7.1.0-7.4.3.101 & DXP 2023.Q3.1-2023.Q3.4, 7.4 GA-92, 7.3 GA-35 Open Redirect
CVSS 6.1
CVE-2025-10229 MEDIUM
Freshwork <= 1.2.3 - Open Redirect via post_logout_redirect_uri Parameter
CVSS 4.3
CVE-2025-57665 MEDIUM
element-plus < 2.10.6 - Open Redirect and XSS via Link Component href Attribute
CVSS 6.4
CVE-2025-39523 MEDIUM
GoodBarber <= 1.0.26 - Open Redirect
CVSS 4.7
CVE-2025-59013 MEDIUM
TYPO3 CMS Open Redirect via GeneralUtility::sanitizeLocalUrl
CVSS 6.1
CVE-2025-20291 MEDIUM
Cisco Webex Meetings - Open Redirect
CVSS 4.3
CVE-2025-58067 MEDIUM
google_sign_in < 1.3.1 - Open Redirect via Session Store 'proceed_to' Parameter
CVSS 4.2
CVE-2025-58204 MEDIUM
Podlove Podcast Publisher <4.2.5 - Open Redirect
CVSS 4.7
CVE-2025-57821 MEDIUM
google_sign_in < 1.3.0 - Open Redirect via Malformed URL
CVSS 4.2
CVE-2025-20317 HIGH
Cisco Unified Computing System (Managed) - Unauthenticated Open Redirect via vKVM Endpoint
CVSS 7.1
CVE-2025-2697 HIGH
IBM Cognos Command Center <10.2.5 - Open Redirect
CVSS 7.4
CVE-2025-52219 MEDIUM
SelectZero < 2025.5.2 - Open Redirect via Legacy UI Fields
CVSS 6.5
CVE-2025-43767 MEDIUM
Liferay Portal 7.4.3.86-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 Open Redirect via /c/portal/edit_info_item
CVSS 6.1
CVE-2025-57800 HIGH
Audiobookshelf <2.26.3 - Open Redirect
CVSS 8.8
CVE-2025-55625 MEDIUM
Reolink v4.54.0.4.20250526 - Open Redirect
CVSS 6.3
CVE-2025-55624 MEDIUM
Reolink v4.54.0.4.20250526 - Unauthenticated Intent Redirection
CVSS 5.3
CVE-2025-55751 MEDIUM
HackUCF OnboardLite < 6cca19ea4f47af125caa08ef82594844f039e07e - Open Redirect via Redirect URL Parameter
CVE-2025-7777 MEDIUM
mirror registry for Red Hat OpenShift - Open Redirect via Host Header
CVSS 6.5
CVE-2025-55706 MEDIUM
Movable Type 7-8.0.6, 8.4.0-8.4.2 - Open Redirect via Password Reset Page
CVSS 4.3
CVE-2025-9193 LOW
TOTVS Portal Meu RH <12.1.17 - Open Redirect
CVSS 3.5
CVE-2025-55032 MEDIUM
Mozilla Focus for iOS < 142 - Cross-Site Scripting via Content-Disposition Header Mishandling
CVSS 6.1
CVE-2025-55031 CRITICAL
Firefox for iOS < 142 - Open Redirect via FIDO Passkey Transport
CVSS 9.8