CVE-2025-34504

MEDIUM

Kodcloud Kodexplorer - Open Redirect

Title source: rule

Description

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.

Exploits (1)

exploitdb WRITEUP

by Rahad Chowdhury · textwebappsphp

https://www.exploit-db.com/exploits/52245

View Code ZIP pw:eip

References (4)

[Release Notes] https://github.com/kalcaddle/KodExplorer/releases/tag/4.52

[Product] https://kodcloud.com/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/52245

[Third Party Advisory] https://www.vulncheck.com/advisories/kodexplorer-open-redirect-vulnerability-via-user-login-endpoint

Scores

CVSS v3 6.1

EPSS 0.0030

EPSS Percentile 53.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (1)

kodcloud/kodexplorer 4.52

Published Dec 11, 2025

Tracked Since Feb 18, 2026