exploitDog

CVE-2025-64115

Опубликовано: 30 окт. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0.

Ссылки

https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f
Patch
https://github.com/leepeuker/movary/pull/713
Issue Tracking
https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:leepeuker:movary:*:*:*:*:*:*:*:*

Версия до 0.69.0 (исключая)

EPSS

Процентиль: 13%

0.00043

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-601

EPSS

Процентиль: 13%

0.00043

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-601