CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-50067 (CRITICAL, CVSS 9.0): Oracle Application Express <24.2.5 - Info Disclosure
CVE-2025-53821 (MEDIUM, CVSS 4.7): WeGIA < 3.4.5 - Open Redirect via control.php nextPage Parameter
CVE-2025-42985 (MEDIUM, CVSS 6.1): SAP BusinessObjects Content Administrator Workbench - Open Redirect via Crafted URL
CVE-2025-42981 (MEDIUM, CVSS 6.1): SAP NetWeaver Application Server ABAP - Open Redirect
CVE-2025-53535 (LOW): better-auth < 1.2.10 - Open Redirect via originCheck Middleware
CVE-2025-6238 (HIGH, CVSS 8.0): WordPress AI Engine <2.8.4 - Open Redirect
CVE-2025-49592 (MEDIUM, CVSS 4.6): n8n < 1.98.0 - Authenticated Open Redirect via Login Flow Redirect Parameter
CVE-2025-6701 (LOW, CVSS 3.5): Xuxueli xxl-sso 1.1.0 - Open Redirect via redirect_url Parameter
CVE-2025-25012 (MEDIUM, CVSS 4.3): Kibana 7.0.0-7.17.29 - Open Redirect and Server-Side Request Forgery via Crafted URL
CVE-2025-6428 (MEDIUM, CVSS 4.3): Firefox for Android < 140.0 - URL Redirection via Link Querystring Parameter
CVE-2025-6552 (MEDIUM, CVSS 4.3): java-aodeng Hope-Boot 1.0.0 - Open Redirect
CVE-2025-36016 (MEDIUM, CVSS 6.8): IBM Process Mining 2.0.1 IF001 and 2.0.1 - Open Redirect
CVE-2025-52552 (MEDIUM, CVSS 6.1): fastgpt < 4.9.12 - Open Redirect and DOM-based Cross-Site Scripting via LastRoute Parameter
CVE-2025-6286 (LOW, CVSS 3.5): PHPGurukul COVID19 Testing Management System 2021 - Open Redirect
CVE-2025-50182 (MEDIUM, CVSS 5.3): urllib3 2.2.0-2.5.0 - Open Redirect via Pyodide Runtime
CVE-2025-50181 (MEDIUM, CVSS 5.3): urllib3 < 2.5.0 - Open Redirect via PoolManager Retry Configuration
CVE-2025-49868 (MEDIUM, CVSS 4.7): FunnelKit Automation By Autonami <3.6.0 - Open Redirect
CVE-2025-2091 (MEDIUM, CVSS 5.4): M-Files Mobile < 25.6.0 - Open Redirect via Malicious PDF File
CVE-2025-6089 (MEDIUM, CVSS 4.3): Astun Technology iShare Maps 5.4.0 - Open Redirect
CVE-2025-26394 (MEDIUM, CVSS 4.8): SolarWinds Observability Self-Hosted < 2025.2 - Authenticated Open Redirect
CVE-2025-49325 (MEDIUM, CVSS 4.7): Newspack Newsletters <3.13.0 - Open Redirect
CVE-2025-30954 (MEDIUM, CVSS 4.7): WP Gravity Forms Constant Contact Plugin <1.1.0 - Open Redirect
CVE-2025-30953 (MEDIUM, CVSS 4.7): WP Gravity Forms Salesforce <1.4.7 - Open Redirect
CVE-2025-48936 (HIGH, CVSS 8.1): Zitadel <2.70.12, <2.71.10, <3.2.2 - SSRF
CVE-2025-5256 (MEDIUM, CVSS 5.4): Mautic < 4.4.16, 5.2.6, 6.0.2 - Open Redirect via returnUrl Parameter