exploitDog

CVE-2025-67713

Опубликовано: 11 дек. 2025

Источник: nvd

EPSS Низкий

Описание

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.

Ссылки

EPSS

Процентиль: 19%

0.00059

Низкий

Дефекты

CWE-601

Связанные уязвимости

CVE-2025-67713

ubuntu

около 2 месяцев назад

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.

CVE-2025-67713

debian

около 2 месяцев назад

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below tr ...

GHSA-wqv2-4wpg-8hc9

github

около 2 месяцев назад

Miniflux has an Open Redirect via protocol-relative redirect_url

EPSS

Процентиль: 19%

0.00059

Низкий

Дефекты

CWE-601