CVE-2025-8813
BaseFortify
Publication date: 2025-08-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pybbs_project | pybbs | to 6.0.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8813 is an open redirect vulnerability in the PyBBS software up to version 6.0.0. It occurs in the changeLanguage function of the IndexController.java file, where the application uses the HTTP referer header to redirect users after changing their language preference. Because the referer header is user-controllable and not properly validated, an attacker can manipulate it to redirect users to arbitrary external URLs. This can be exploited remotely and may facilitate phishing or other malicious activities by redirecting users to attacker-controlled sites. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to redirect your users to malicious websites without your consent. Such open redirects can be used in phishing attacks to trick users into believing they are navigating within your trusted site, potentially leading to credential theft or malware infection. Although it does not affect confidentiality or availability, it compromises the integrity of your application by enabling attackers to manipulate user navigation. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the /changeLanguage endpoint and checking for suspicious or unexpected Referer header values that cause redirects to external or untrusted URLs. A simple detection method is to capture HTTP traffic and look for requests to /changeLanguage with a Referer header pointing to external domains. For example, using curl to test the endpoint: curl -I -H "Referer: http://attacker.com/" http://yourserver/changeLanguage -v and observing if the response redirects to the attacker.com domain. Network intrusion detection systems (NIDS) can be configured to alert on such redirect patterns. Additionally, reviewing the application source code or binaries to verify if the patch identified by commit edb14ff13e9e05394960ba46c3d31d844ff2deac has been applied can help confirm if the vulnerability is present. [3]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the patch identified by commit edb14ff13e9e05394960ba46c3d31d844ff2deac, which removes the use of the user-controllable Referer header in the /changeLanguage endpoint and instead redirects users unconditionally to the root path (/). If applying the patch is not immediately possible, as a temporary workaround, you can implement input validation or filtering on the Referer header to ensure it only allows internal URLs before redirecting. Additionally, monitoring and blocking suspicious redirect attempts can reduce risk until the patch is applied. [2, 4]