CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-2418 MEDIUM
TR7 Web Application Firewall 4.30-16022026 - Open Redirect
CVSS 4.3
CVE-2025-66596 MEDIUM
Yokogawa FAST/TOOLS R9.01-R10.04 - Open Redirect via Invalid Host Header
CVSS 6.1
CVE-2025-67852 LOW
Moodle < 4.1.22 - Open Redirect via OAuth Login Flow
CVSS 3.5
CVE-2025-68616 HIGH
WeasyPrint < 68.0 - Server-Side Request Forgery via HTTP Redirect Bypass
CVSS 7.5
CVE-2025-68470 MEDIUM
React Router 6.0.0-6.30.1 and 7.0.0-7.9.5 - Open Redirect via navigate() or Link Component
CVSS 6.5
CVE-2025-14524 MEDIUM
curl Cross-Protocol Redirect - OAuth2 Bearer Token Disclosure
CVSS 5.3
CVE-2025-61782 MEDIUM
OpenCTI < 6.8.3 - Open Redirect via SAML RelayState Parameter
CVSS 5.4
CVE-2025-15112 MEDIUM
Ksenia Security lares firmware 1.6 - URL Redirection via cmdOk.xml redirectPage Parameter
CVSS 5.4
CVE-2025-15258 LOW
Edimax BR-6208AC 1.02/1.03 - Open Redirect via wlan-url Parameter in formALGSetup
CVSS 3.5
CVE-2025-15241 LOW
CloudPanel Community Edition <2.5.1 - Open Redirect
CVSS 3.5
CVE-2025-55060 MEDIUM
Priority Web <= 23.0 - Open Redirect
CVSS 6.1
CVE-2025-60935 MEDIUM
Blitz Panel <1.17.0 - Open Redirect
CVSS 6.1
CVE-2025-68602 MEDIUM
Scott Paterson Accept Donations with PayPal <1.5.1 - Open Redirect
CVSS 4.7
CVE-2025-68509 MEDIUM
Jeff Starr User Submitted Posts - Open Redirect
CVSS 4.7
CVE-2025-1885 MEDIUM
Restajet Online Food Delivery System <= 19122025 - Open Redirect
CVSS 5.4
CVE-2025-55254 LOW
HCL BigFix Remote Control Lite Web Portal <=10.1.0.0326 - Path-Relative Stylesheet Code Execution
CVSS 3.7
CVE-2025-43526 CRITICAL
macOS Tahoe <26.2 - Info Disclosure
CVSS 9.8
CVE-2025-34440 MEDIUM
AVideo < 20.1 - Open Redirect via siteRedirectUri Parameter
CVSS 6.1
CVE-2025-34439 MEDIUM
AVideo < 20.1 - Open Redirect via cancelUri Parameter
CVSS 6.1
CVE-2025-62690 LOW
Mattermost 10.11.0-10.11.4 - Open Redirect via Error Page URL Parameter
CVSS 3.1
CVE-2025-65581 MEDIUM
Volosoft ABP Framework 5.1.0-10.0.0-rc.2 - Open Redirect via Account Module ReturnUrl Parameter
CVSS 5.3
CVE-2025-64250 MEDIUM
wpWax Directorist <8.5.6 - Open Redirect
CVSS 4.7
CVE-2025-14692 MEDIUM
Mayan EDMS < 4.10.2 - Open Redirect via Authentication Endpoint
CVSS 4.3
CVE-2025-14451 MEDIUM
Solutions Ad Manager <1.0.0 - Open Redirect
CVSS 4.7
CVE-2025-34504 MEDIUM
KodExplorer 4.52 - Open Redirect via User Login Link Parameter
CVSS 6.1