CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-3522 MEDIUM
Thunderbird < 128.9.2 and 128.9.2-137.0.1 - URL Redirection via X-Mozilla-External-Attachment-URL
CVSS 6.3
CVE-2025-31491 HIGH
AutoGPT < 0.6.1 - Open Redirect via Request Wrapper
CVSS 8.6
CVE-2025-32694 MEDIUM
Rustaurius Ultimate WP Mail <1.3.2 - Open Redirect
CVSS 4.7
CVE-2025-32693 MEDIUM
WebinarPress <= 1.33.28 - Open Redirect
CVSS 4.7
CVE-2025-3433 MEDIUM
Advanced Advertising System <1.3.1 - Open Redirect
CVSS 6.1
CVE-2025-3155 HIGH
Yelp - Arbitrary Script Execution via Help Document
CVSS 7.4
CVE-2025-31871 MEDIUM
Galaxy Weblinks WP Clone <3.4 - Open Redirect
CVSS 4.7
CVE-2025-31821 MEDIUM
Zoho CRM & Contact Form 7 <1.0.6 - Open Redirect
CVSS 4.7
CVE-2025-24180 HIGH
Safari < 18.4 - Open Redirect via WebAuthn Credential Claiming
CVSS 8.1
CVE-2025-3027 MEDIUM
EJBCA 8.0-<9.1 - Open Redirect via PATH Manipulation
CVSS 6.1
CVE-2025-2980 LOW
Legrand SMS PowerView 1.x - Open Redirect
CVSS 3.5
CVE-2025-24381 HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - Unauthenticated Open Redirect
CVSS 8.8
CVE-2025-30885 MEDIUM
Bit Form - Contact Form Plugin <= 2.18.0 - Open Redirect
CVSS 4.7
CVE-2025-30884 MEDIUM
Bit Apps Bit Integrations <2.4.10 - Open Redirect
CVSS 4.7
CVE-2025-30859 MEDIUM
AliNext <= 3.5.1 - Open Redirect
CVSS 4.7
CVE-2025-30795 MEDIUM
FunnelKit Automation By Autonami <3.5.1 - Open Redirect
CVSS 4.7
CVE-2025-30781 MEDIUM
WPFactory Scheduled & Automatic Order Status Controller - Open Redi...
CVSS 4.7
CVE-2025-30164 MEDIUM
Icinga Web 2 <2.11.5, <2.12.13 - Open Redirect
CVSS 4.1
CVE-2025-27888 MEDIUM
Apache Druid - Server-Side Request Forgery
CVSS 5.4
CVE-2025-21104 MEDIUM
Dell NetWorker < 19.11.0.4 and 19.12 - Unauthenticated Open Redirect in Management Console
CVSS 4.3
CVE-2025-28896 MEDIUM
Akshar Soft Solutions AS English Admin - Open Redirect
CVSS 4.7
CVE-2025-27625 MEDIUM
Jenkins < 2.492.2, < 2.500 - URL Redirection to Untrusted Site via Backslash Character Handling
CVSS 4.3
CVE-2025-27426 MEDIUM
Firefox < 136.0 - URL Spoofing via Server-Side Redirect
CVSS 5.4
CVE-2025-27424 MEDIUM
Firefox for iOS < 136 - Open Redirect
CVSS 4.3
CVE-2025-1300 MEDIUM
CodeChecker <= 6.24.5 - Open Redirect via Multiple Slashes Bypass
CVSS 6.1