CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-67713 MEDIUM
Miniflux < 2.2.15 - Open Redirect via Protocol-Relative URL
CVSS 6.1
CVE-2025-67502 MEDIUM
Taguette < 1.5.2 - Open Redirect via Unvalidated Next Parameter
CVSS 5.4
CVE-2025-67587 MEDIUM
WP Gravity Forms FreshDesk Plugin <1.3.5 - Open Redirect
CVSS 4.7
CVE-2025-67585 MEDIUM
Flexmls IDX <3.15.7 - Open Redirect
CVSS 4.7
CVE-2025-11222 MEDIUM
Central Dogma <0.78.0 - Open Redirect
CVSS 6.1
CVE-2025-20382 LOW
Splunk <10.0.2,9.4.6,9.3.8,9.2.10 - CSRF
CVSS 3.5
CVE-2025-58044 MEDIUM
fit2cloud jumpserver < 3.10.19 - Open Redirect via Referer Header
CVSS 6.1
CVE-2025-13819 MEDIUM
MiR Robot and Fleet - Open Redirect
CVSS 6.1
CVE-2025-66062 LOW
WP YouTube Lyte <1.7.28 - Open Redirect
CVSS 3.4
CVE-2025-63828 MEDIUM
Backdrop CMS 1.32.1 - Host Header Injection
CVSS 6.1
CVE-2025-40545 MEDIUM
SolarWinds Observability Self-Hosted < 2025.4.1 - Authenticated Open Redirect via Unsanitized URL
CVSS 4.8
CVE-2025-64754 LOW
Jitsi Meet <2.0.10532 - Open Redirect
CVE-2025-20355 MEDIUM
Cisco Catalyst Center Virtual Appliance - Open Redirect
CVSS 4.7
CVE-2025-64716 MEDIUM
Anubis < 1.23.0 - Open Redirect via Subrequest Authentication
CVE-2025-20378 LOW
Splunk Enterprise <10.0.1-9.3.7-9.2.9 - Open Redirect
CVSS 3.1
CVE-2025-42924 MEDIUM
SAP S/4HANA landscape (SAP E-Recruiting BSP) - Unauthenticated Open Redirect via Malicious Link
CVSS 6.1
CVE-2025-42893 MEDIUM
SAP Business Connector - Unauthenticated Open Redirect via Malicious URL
CVSS 6.1
CVE-2025-64481 LOW
Datasette < 0.65.2 and 1.0a0-1.0a19 - Open Redirect via Double Slash Path
CVE-2025-63784 MEDIUM
Onlook web app <0.2.32 - Open Redirect
CVSS 6.5
CVE-2025-12789 MEDIUM
Red Hat Single Sign-On - Open Redirect
CVSS 6.1
CVE-2025-64116 MEDIUM
Movary < 0.69.0 - Open Redirect via Login Page Redirect Parameter
CVSS 6.1
CVE-2025-64115 MEDIUM
Movary <= 0.68.0 - Open Redirect via HTTP Referer Header
CVSS 6.1
CVE-2025-62266 MEDIUM
Liferay Digital Experience Platform < 7.4.3.110 - Open Redirect
CVSS 6.1
CVE-2025-50736 MEDIUM
Byaidu PDFMathTranslate <1.9.9 - Open Redirect
CVSS 6.1
CVE-2025-64101 HIGH
Zitadel < 2.71.18 - Open Redirect via Password Reset Forwarded Header
CVSS 8.1