CVE-2025-57821
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-08-29
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| basecamp | google_sign_in | 1.3.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57821 is a vulnerability in Basecamp's google_sign_in RubyGem prior to version 1.3.0. It allows an attacker to craft a malformed URL that bypasses the 'same origin' check in the redirect process after Google sign-in. This can cause the application to redirect users to an unintended external origin (open redirect). The vulnerability is especially risky in Rails applications that store flash information in session cookies, as it can be combined with attacks that inject arbitrary data into session cookies to exploit the redirect. The issue was fixed by enforcing strict validation of redirect URLs and raising exceptions on malformed URLs. [1, 2, 3, 4]
How can this vulnerability impact me?
This vulnerability can lead to open redirect attacks where users are redirected to malicious external sites after authentication. If exploited, it could expose sensitive authentication information such as tokens. The impact on confidentiality and integrity is low, and there is no impact on availability. However, it can facilitate phishing attacks by redirecting users to untrusted sites. The attack requires user interaction and network access but no privileges. Applications that store flash session data in cookies are vulnerable if combined with session cookie injection attacks. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for unexpected or malformed URL redirects involving the `flash[:proceed_to]` parameter in the google_sign_in integration. Specifically, look for redirect URLs that bypass the same-origin check or are malformed. Since the vulnerability is an open redirect via the 'proceed_to' parameter, you can inspect application logs or network traffic for redirect attempts to external or suspicious URLs after authentication. Commands that can help detect this include:

1) Checking Rails logs for redirect targets and filtering out your own domain (Rails log lines start with a timestamp, so the pattern must not be anchored to the start of the line): `grep 'proceed_to' log/production.log | grep -v 'yourdomain.com'`
2) Using network monitoring tools such as `tcpdump` or `Wireshark` to capture HTTP redirects and filter for unusual destinations.
3) Reviewing session cookie contents for injected flash data, where possible.

Note that no specific detection commands are provided in the resources, so these suggestions are based on the nature of the vulnerability. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1) Upgrade the google_sign_in library to version 1.3.0 or later, which contains the fix that enforces strict validation of redirect URLs and raises exceptions on malformed URLs.
2) If upgrading is not immediately possible, configure your Rails application to explicitly set the session cookie attribute SameSite to Lax or Strict to mitigate the risk of chained session cookie attacks.

These steps reduce the risk of open redirect exploitation and session cookie injection attacks. [1, 3]
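The fix described above (a strict same-origin check that fails closed on malformed URLs) can be illustrated with a small Ruby filter for the `proceed_to` value. This is added example code, not the google_sign_in gem's own implementation; the function name, error class and the origin `https://app.example.com` are assumptions chosen for the example.

```ruby
require "uri"

# Hypothetical error raised whenever a redirect target cannot be proven safe.
class UnsafeRedirectTarget < StandardError; end

# Strict same-origin filter for a post-sign-in redirect target
# (example code, not the gem's own). current_origin is the origin of the
# request handling the callback, e.g. "https://app.example.com"
# (constructed sample); target is the value read back from flash[:proceed_to].
# Returns target when it is safe to redirect to, raises otherwise.
def safe_proceed_to(current_origin, target)
  raise UnsafeRedirectTarget, "empty target" if target.nil? || target.strip.empty?

  begin
    uri = URI.parse(target)
  rescue URI::InvalidURIError => e
    # A malformed URL is never passed through silently: fail closed.
    raise UnsafeRedirectTarget, "malformed redirect target: #{e.message}"
  end

  # Relative path with no scheme or host, e.g. "/dashboard", stays on this
  # origin. A scheme-relative target ("//other.example") would not, so require
  # exactly one leading slash rather than trusting the parser alone.
  if uri.scheme.nil? && uri.host.nil?
    return target if target.start_with?("/") && !target.start_with?("//")
    raise UnsafeRedirectTarget, "relative target must be an absolute path"
  end

  # Absolute URL: compare parsed scheme, host and port against the request
  # origin instead of doing a string-prefix match, and refuse any userinfo,
  # so look-alike hosts and "user@host" forms do not slip past the check.
  origin = URI.parse(current_origin)
  same_origin = uri.scheme == origin.scheme &&
                uri.host == origin.host &&
                uri.port == origin.port &&
                uri.userinfo.nil?
  return target if same_origin

  raise UnsafeRedirectTarget, "redirect to foreign origin #{uri.host.inspect} refused"
end
```

Wire the caller so that the exception is logged and the user is sent to a fixed default path; logging each refusal also gives the detection signal discussed in the previous answer.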