CVE-2025-6089
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-06-15

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-15
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-06-15
EPSS Evaluated
2026-05-05
NVD
CVE-2025-6089
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
astuntechnology ishare_maps 5.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6089 is an open redirect vulnerability in Astun Technology iShare Maps version 5.4.0, specifically in the atCheckJS.aspx file. The vulnerability occurs because the 'ref' parameter is improperly handled, allowing an attacker to manipulate it to redirect users to arbitrary external websites. This can be exploited remotely without authentication but requires user interaction. The flaw enables attackers to redirect users to potentially malicious sites, facilitating phishing attacks and compromising the application's integrity. [1, 2]


How can this vulnerability impact me? :

This vulnerability can impact you by allowing attackers to redirect your users to malicious websites through the vulnerable 'ref' parameter. This can lead to phishing attacks where users might be tricked into providing sensitive information or downloading malware. Since the attack can be initiated remotely and requires only user interaction, it poses a risk to the trustworthiness and security of your application or service. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by searching for the vulnerable endpoint 'atCheckJS.aspx' in your web application URLs. One suggested method is using Google dorking with the query 'inurl:atCheckJS.aspx' to identify potentially affected targets. Additionally, you can test the endpoint by sending HTTP requests with the 'ref' parameter manipulated to an external URL and observe if an open redirect occurs. For example, using curl: curl -I 'https://yourdomain.com/atCheckJS.aspx?ref=https://evil.com' and checking if the response redirects to the external site. [1]


What immediate steps should I take to mitigate this vulnerability?

No known countermeasures or mitigations have been published for this vulnerability. The recommended immediate step is to replace the affected product (Astun Technology iShare Maps 5.4.0) with an alternative solution. Additionally, monitoring and restricting access to the vulnerable endpoint and educating users about phishing risks may help reduce impact until a fix or patch is available. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart