CVE-2025-64754
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-13
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jitsi | jitsi_meet | 2.0.10532 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Jitsi Meet versions prior to 2.0.10532 and allows attackers to hijack the OAuth authentication window for Microsoft accounts. This means an attacker could potentially interfere with or take control of the authentication process when users log in using their Microsoft credentials.
How can this vulnerability impact me?
The vulnerability could allow attackers to hijack the OAuth authentication window, potentially leading to unauthorized access or interception of Microsoft account authentication. This could compromise user accounts and lead to unauthorized access to video conferencing sessions or related data.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Jitsi Meet to version 2.0.10532 or later, as this version contains the fix for the OAuth authentication window hijacking vulnerability. No known workarounds are available.