CVE-2025-11190

MEDIUM

Kiwire Captive Portal - Open Redirect

Title source: llm

Description

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.

References (2)

[Release Notes, Vendor Advisory] https://www.synchroweb.com/release-notes/kiwire/security

[Third Party Advisory] https://www.kb.cert.org/vuls/id/887923

Scores

CVSS v3 5.4

EPSS 0.0007

EPSS Percentile 20.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-59

Status published

Products (1)

synchroweb/kiwire 3.6

Published Oct 10, 2025

Tracked Since Feb 18, 2026