CVE-2025-57821
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-27

Last updated on: 2025-08-29

Assigner: GitHub, Inc.

Description
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a session cookie may be vulnerable, if this can be chained with an attack that allows injection of arbitrary data into the session cookie. This issue has been patched in version 1.3.0. If upgrading is not possible at this time, a way to mitigate the chained attack can be done by explicitly setting SameSite=Lax or SameSite=Strict on the application session cookie.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-27
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-57821
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
basecamp google_sign_in 1.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-57821 is a vulnerability in Basecamp's google_sign_in RubyGem prior to version 1.3.0. It allows an attacker to craft a malformed URL that bypasses the 'same origin' check in the redirect process after Google sign-in. This can cause the application to redirect users to an unintended external origin (open redirect). The vulnerability is especially risky in Rails applications that store flash information in session cookies, as it can be combined with attacks that inject arbitrary data into session cookies to exploit the redirect. The issue was fixed by enforcing strict validation of redirect URLs and raising exceptions on malformed URLs. [1, 2, 3, 4]

Impact Analysis

This vulnerability can lead to open redirect attacks where users are redirected to malicious external sites after authentication. If exploited, it could expose sensitive authentication information such as tokens. The impact on confidentiality and integrity is low, and there is no impact on availability. However, it can facilitate phishing attacks by redirecting users to untrusted sites. The attack requires user interaction and network access but no privileges. Applications that store flash session data in cookies are vulnerable if combined with session cookie injection attacks. [1, 3]

Detection Guidance

Detection involves monitoring for unexpected or malformed URL redirects involving the `flash[:proceed_to]` parameter in the google_sign_in integration. Specifically, look for redirect URLs that bypass the same-origin policy or contain malformed URLs. Since the vulnerability is related to open redirects via the 'proceed_to' parameter, you can inspect application logs or network traffic for redirect attempts to external or suspicious URLs after authentication. Commands to help detect this might include: 1) Checking Rails logs for redirect URLs: `grep 'proceed_to' log/production.log | grep -v '^https://yourdomain.com'` 2) Using network monitoring tools like `tcpdump` or `Wireshark` to capture HTTP redirects and filter for unusual destinations. 3) Reviewing session cookie contents for injected flash data if possible. Note that no specific detection commands are provided in the resources, so these suggestions are based on the nature of the vulnerability. [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include: 1) Upgrade the google_sign_in library to version 1.3.0 or later, which contains the fix that enforces strict validation of redirect URLs and raises exceptions on malformed URLs. 2) If upgrading is not immediately possible, configure your Rails application to explicitly set the session cookie attribute SameSite to Lax or Strict to mitigate the risk of chained session cookie attacks. These steps reduce the risk of open redirect exploitation and session cookie injection attacks. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57821. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart