CVE-2025-55706
MEDIUMMovable Type 7-8.0.6, 8.4.0-8.4.2 - Open Redirect via Password Reset Page
Title source: llmDescription
URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL.
References (2)
Core 2
Core References
Various Sources
https://movabletype.org/news/2025/08/mt-843-released.html
Third Party Advisory
https://jvn.jp/en/jp/JVN76729865/
Scores
CVSS v3
4.3
EPSS
0.0019
EPSS Percentile
8.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-601
Status
published
Products (14)
Six Apart Ltd./Movable Type (Cloud Edition)
7 r.5508 (7 series)
Six Apart Ltd./Movable Type (Cloud Edition)
8.6.0 (8 series)
Six Apart Ltd./Movable Type (Software Edition)
7 r.5508 and earlier (7 series)
Six Apart Ltd./Movable Type (Software Edition)
8.0.0 to 8.0.6
Six Apart Ltd./Movable Type (Software Edition)
8.4.0 to 8.4.2 (8 series)
Six Apart Ltd./Movable Type Advanced (Software Edition)
7 r.5508 and earlier (7 series)
Six Apart Ltd./Movable Type Advanced (Software Edition)
8.0.0 to 8.0.6
Six Apart Ltd./Movable Type Advanced (Software Edition)
8.4.0 to 8.4.2 (8 series)
Six Apart Ltd./Movable Type Premium (Cloud Edition)
1.66 (1 series)
Six Apart Ltd./Movable Type Premium (Cloud Edition)
2.09 (2 series)
... and 4 more
Published
Aug 20, 2025
Tracked Since
Feb 18, 2026