CVE-2025-64781

MEDIUM

GroupSession <5.7.1 - Open Redirect

Title source: llm

Description

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.

References (2)

[Vendor Advisory] https://groupsession.jp/info/info-news/security20251208

[Third Party Advisory] https://jvn.jp/en/jp/JVN19940619/

Scores

CVSS v3 4.7

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1188

Status published

Products (1)

groupsession/groupsession < 5.7.1 (3 CPE variants)

Published Dec 12, 2025

Tracked Since Feb 18, 2026