CVE-2025-34504

MEDIUM

Kodcloud Kodexplorer - Open Redirect

Title source: rule

Description

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.

Exploits (1)

exploitdb WRITEUP

by Rahad Chowdhury · textwebappsphp

https://www.exploit-db.com/exploits/52245

View Code ZIP pw:eip

References (4)

[Release Notes] https://github.com/kalcaddle/KodExplorer/releases/tag/4.52

[Product] https://kodcloud.com/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/52245

[Third Party Advisory] https://www.vulncheck.com/advisories/kodexplorer-open-redirect-vulnerability-via-user-login-endpoint

Scores

CVSS v3 6.1

EPSS 0.0026

EPSS Percentile 49.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-601

Status published

Affected Products (1)

kodcloud/kodexplorer

Timeline

Published Dec 11, 2025

Tracked Since Feb 18, 2026