CVE-2025-10229
BaseFortify
Publication date: 2025-09-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freshworks | freshworks | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an open redirect issue in Freshwork versions up to 1.2.3. It occurs due to manipulation of the argument post_logout_redirect_uri in the /api/v2/logout endpoint. An attacker can exploit this remotely to redirect users to malicious sites after logout.
How can this vulnerability impact me? :
The vulnerability can be exploited remotely to redirect users to potentially malicious websites after they log out, which may lead to phishing attacks or other social engineering exploits. It does not directly impact confidentiality or availability but can affect user trust and security.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the affected Freshwork component to version 1.2.3 or later, as this version fixes the open redirect vulnerability in the /api/v2/logout endpoint related to the post_logout_redirect_uri argument.