CVE-2025-59426
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-25

Last updated on: 2025-10-08

Assigner: GitHub, Inc.

Description
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL based on the X-Forwarded-Host or Host headers and the X-Forwarded-Proto value. In deployments where a reverse proxy forwards client-supplied X-Forwarded-* headers to the origin as-is, or where the origin trusts them without validation, an attacker can inject an arbitrary host and trigger an open redirect that sends users to a malicious domain. This issue has been patched in version 1.130.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-25
Last Modified
2025-10-08
Generated
2026-06-16
AI Q&A
2025-09-25
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59426
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lobehub lobe_chat to 1.130.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an open redirect issue in the Lobe Chat open-source AI chat framework prior to version 1.130.1. The problem arises because the OIDC redirect handling logic constructs the final redirect URL's host and protocol based on client-supplied headers like X-Forwarded-Host, Host, and X-Forwarded-Proto without proper validation. If a reverse proxy forwards these headers without validation or the origin server trusts them blindly, an attacker can inject arbitrary host values. This allows the attacker to redirect users to malicious external domains, potentially enabling phishing or session hijacking attacks. [2]

Impact Analysis

This vulnerability can impact you by allowing attackers to force users to be redirected to untrusted, malicious external websites. This can lead to phishing attacks, credential harvesting, session fixation, and disruption of OAuth/OIDC authentication flows. Although the vulnerability does not directly expose tokens, attackers can exploit the open redirect to trick users into visiting harmful sites, especially when combined with other vulnerabilities such as Content Security Policy bypass or cache poisoning. [2]

Detection Guidance

This vulnerability can be detected by testing if the application improperly trusts and uses the X-Forwarded-Host, Host, and X-Forwarded-Proto headers to construct redirect URLs. A practical approach is to send HTTP requests with manipulated X-Forwarded-Host and X-Forwarded-Proto headers to see if the server redirects to an attacker-controlled domain. For example, using curl, you can run a command similar to: curl -v -H "X-Forwarded-Host: attacker.com" -H "X-Forwarded-Proto: https" https://your-lobe-chat-instance/oidc/consent to check if the redirect location points to the injected host. If the server redirects to the attacker.com domain, the vulnerability is present. [2]

Mitigation Strategies

The immediate mitigation step is to upgrade the lobe-chat project to version 1.130.1 or later, where the vulnerability has been patched. The fix involves proper validation and sanitization of redirect URLs in the OIDC flow, ensuring that redirect hosts are strictly checked against allowed hosts to prevent open redirect attacks. If upgrading immediately is not possible, ensure that your reverse proxy does not forward client-supplied X-Forwarded-* headers without validation, or configure the origin server to not trust these headers blindly. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59426. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart