CVE-2025-11222
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-11222, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-04

Last updated on: 2025-12-04

Assigner: LINE Corporation

Description

Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to untrusted sites via specially crafted URLs, potentially facilitating phishing attacks and credential theft.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-04
Last Modified
2025-12-04
Generated
2026-07-06
AI Q&A
2025-12-04
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linecorp centraldogma *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Open Redirect issue in Central Dogma versions before 0.78.0. It occurs in the login function where attackers can craft malicious URLs that redirect users to untrusted, potentially phishing, websites. This happens because the application improperly uses user-controlled input to specify external redirect links, allowing attackers to trick users into visiting fake login pages and potentially stealing their credentials. [1]

Impact Analysis

If exploited, this vulnerability can lead to users being redirected to phishing sites that impersonate the legitimate Central Dogma login page. This can result in user account compromise and unauthorized access to the Central Dogma instance. The impact includes limited data exposure and limited data modification, but no impact on availability. [1]

Detection Guidance

This vulnerability can be detected by testing the login function of Central Dogma for open redirect behavior. Specifically, you can attempt to access the login URL with crafted parameters that redirect to an external untrusted site. For example, using curl or a browser, send requests to the login endpoint with redirect parameters pointing to an external URL and observe if the redirection occurs. Example command: curl -v 'https://your-centraldogma-instance/login?redirect=https://malicious-site.com' and check if the response redirects to the external URL. If it does, the system is vulnerable. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Central Dogma to version 0.78.0 or later, where the vulnerability is patched. As a workaround, if upgrading is not immediately possible, server operators can implement a custom AuthProvider to override the webLoginService() method to prevent the open redirect behavior. [1]

Compliance Impact

The provided resources do not specify how this open redirect vulnerability in Central Dogma affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11222. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart