CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-54145 CRITICAL
Firefox for iOS >=141 - URL Redirection to Untrusted Site via QR Scanner
CVSS 9.1
CVE-2025-54144 MEDIUM
Firefox < 141.0 - URL Redirection to Untrusted Site via Search Query Scheme
CVSS 5.4
CVE-2025-8066 MEDIUM
Bunkerity Bunker Web <1.6.2 - Open Redirect
CVE-2025-55207 MEDIUM
Astro < 9.4.1 - Open Redirect via Node Deployment Adapter in Standalone Mode
CVE-2025-54681 MEDIUM
CRM Perks Connector - Open Redirect
CVSS 4.7
CVE-2025-55166 MEDIUM
svg-sanitize < 0.22.0 - Open Redirect via XlinkHref Attribute Bypass
CVE-2025-8813 LOW
pybbs < 6.0.0 - Open Redirect via Referer Parameter in changeLanguage Function
CVSS 3.5
CVE-2025-8737 LOW
zlt2000 microservices-platform <6.0.0 - Open Redirect
CVSS 3.5
CVE-2025-54793 MEDIUM
Astro 5.2.0-5.12.7 - Open Redirect via Trailing Slash Logic
CVSS 6.1
CVE-2025-2824 HIGH
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, 9.5.0 - Open Redirect
CVSS 7.4
CVE-2025-50578 CRITICAL
LinuxServer.io heimdall 2.6.3-ls307 - Host Header Injection and Open Redirect
CVSS 9.8
CVE-2025-52897 MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Cross-Site Scripting via Planning Feature
CVSS 6.5
CVE-2025-54414 MEDIUM
Anubis < 1.21.3 - Open Redirect via Pass-Challenge Redir Parameter
CVE-2025-8129 LOW
KoaJS Koa 2.0.0-2.16.2 - Open Redirect via Referrer Header
CVSS 3.5
CVE-2025-44109 MEDIUM
Pinokio 3.6.23 - URL Redirection to Untrusted Site
CVSS 5.4
CVE-2025-50477 MEDIUM
lbry-desktop 0.53.9 - Open Redirect
CVSS 5.4
CVE-2025-4296 MEDIUM
HotelRunner B2B <04.06.2025 - Open Redirect
CVSS 4.7
CVE-2025-7953 LOW
Sanluan PublicCMS <5.202506.a - Open Redirect
CVSS 3.5
CVE-2025-7949 LOW
Sanluan PublicCMS <5.202506.a - Open Redirect
CVSS 3.5
CVE-2025-7863 LOW
thinkgem JeeSite <5.12.0 - Open Redirect
CVSS 3.5
CVE-2025-7785 MEDIUM
thinkgem JeeSite <5.12.0 - Open Redirect
CVSS 4.3
CVE-2025-6197 MEDIUM
Grafana 11.3.x-11.3.7, 11.4.x-11.4.5, 11.5.x-11.5.5, 11.6.x-11.6.2, 12.0.x-12.0.1 - Open Redirect
CVSS 4.2
CVE-2025-6023 HIGH
Grafana OSS <12.0.2 - Open Redirect
CVSS 7.6
CVE-2025-7763 MEDIUM
thinkgem JeeSite <5.12.0 - Open Redirect
CVSS 4.3
CVE-2025-54066 MEDIUM
diracx-web-components < 0.1.0-a8 - Open Redirect via Redirect Parameter
CVSS 4.7