CVE-2025-11222
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-04
Assigner: LINE Corporation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linecorp | centraldogma | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this open redirect vulnerability in Central Dogma affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is an Open Redirect issue in Central Dogma versions before 0.78.0. It occurs in the login function where attackers can craft malicious URLs that redirect users to untrusted, potentially phishing, websites. This happens because the application improperly uses user-controlled input to specify external redirect links, allowing attackers to trick users into visiting fake login pages and potentially stealing their credentials. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can lead to users being redirected to phishing sites that impersonate the legitimate Central Dogma login page. This can result in user account compromise and unauthorized access to the Central Dogma instance. The impact includes limited data exposure and limited data modification, but no impact on availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the login function of Central Dogma for open redirect behavior. Specifically, you can attempt to access the login URL with crafted parameters that redirect to an external untrusted site. For example, using curl or a browser, send requests to the login endpoint with redirect parameters pointing to an external URL and observe if the redirection occurs. Example command: `curl -v 'https://your-centraldogma-instance/login?redirect=https://malicious-site.com'` and check if the response redirects to the external URL. If it does, the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Central Dogma to version 0.78.0 or later, where the vulnerability is patched. As a workaround, if upgrading is not immediately possible, server operators can implement a custom AuthProvider to override the webLoginService() method to prevent the open redirect behavior. [1]
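The workaround above (overriding the login service so the redirect target is validated) is a standard CWE-601 fix. The following is an added illustration of that validation logic, written in Python for readability; it is not Central Dogma's code and not the project's `AuthProvider` or `webLoginService()` API, which are Java. It assumes the post-login target arrives in a `redirect` query parameter (the name used in the curl example above) and that `/` is the landing page when no safe target is given. It shows the weak pattern the CVE describes (trusting the caller-supplied value as-is) beside a validator that only ever returns a same-site path, rejecting absolute URLs, protocol-relative `//host` forms, backslash variants that browsers normalize to `//`, percent-encoded versions of those, and CR/LF control characters.

```python
"""Hardened post-login redirect handling for an open-redirect (CWE-601) fix.

Added example, not Central Dogma's code. Assumptions: the login endpoint reads
a `redirect` query parameter and falls back to DEFAULT_LANDING when the value
is unusable. Sample inputs in main() are constructed for illustration.
"""
from typing import Optional
from urllib.parse import unquote, urlsplit

DEFAULT_LANDING = "/"  # assumption: where a user lands when no safe target is supplied


def vulnerable_redirect_target(raw: Optional[str]) -> str:
    """The open-redirect pattern: whatever the request says, the user is sent there."""
    return raw or DEFAULT_LANDING


def safe_redirect_target(raw: Optional[str], default: str = DEFAULT_LANDING) -> str:
    """Return a redirect target that is guaranteed to stay on this site.

    Only a site-relative path that starts with exactly one '/' is accepted.
    Anything carrying a scheme, an authority, a backslash, or control
    characters is replaced by `default`. The fragment is dropped because it is
    never needed for server-side routing.
    """
    if not raw:
        return default
    # Decode once so that "%2F%2Fhost" is judged as the "//host" it becomes in a browser.
    candidate = unquote(raw).strip()
    # CR/LF and other control characters have no place in a Location value.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in candidate):
        return default
    # Browsers treat '\' as '/', so "/\host" is really "//host" (a foreign origin).
    if "\\" in candidate:
        return default
    # Must be site-relative: a single leading slash, not a protocol-relative "//".
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    parts = urlsplit(candidate)
    # Belt-and-braces: the parser must agree there is no scheme and no host.
    if parts.scheme or parts.netloc:
        return default
    target = parts.path
    if parts.query:
        target += "?" + parts.query
    return target


def login_location_header(query_params: dict) -> str:
    """Value a hardened login handler would put in its Location header."""
    return safe_redirect_target(query_params.get("redirect"))


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate in-app path plus the usual bypass shapes.
    samples = [
        "/projects/foo?tab=history",
        "https://malicious-site.example/login",
        "//malicious-site.example",
        "/\\malicious-site.example",
        "%2F%2Fmalicious-site.example",
        "/projects/foo\r\nSet-Cookie: session=x",
        None,
    ]
    for raw in samples:
        print(f"{str(raw)!r:45} vulnerable -> {vulnerable_redirect_target(raw)!r:40} "
              f"safe -> {safe_redirect_target(raw)!r}")
```

The design choice worth noting is the allow-list shape: rather than trying to enumerate hostile prefixes, the validator accepts one narrow form (a single-slash relative path) and sends everything else to the default landing page, which is the behaviour a detection check such as the curl request above should then observe.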