CVE-2025-60935
Open Redirect in Blitz Panel Login Enables Phishing Attacks
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| blitz_panel | blitz_panel | 1.17.0 |
| blitz | panel | 1.17.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-60935 is an open redirect vulnerability in Blitz Panel version 1.17.0, specifically in the login endpoint. The vulnerability occurs because the application does not properly validate the 'next_url' parameter after a user successfully authenticates. An attacker can craft a malicious login URL containing a 'next_url' parameter that redirects authenticated users to an attacker-controlled external domain. This can lead users to phishing sites or cause token theft. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to redirect authenticated users to malicious websites, which can be used for phishing attacks or stealing session tokens. This can compromise user accounts and sensitive information by tricking users into interacting with attacker-controlled domains after login. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the /login endpoint of Blitz Panel version 1.17.0 for the presence of the "next_url" parameter containing external or suspicious domains. For example, you can use network traffic inspection tools or web server logs to search for URLs matching the pattern: /login?next_url= followed by an external domain. A simple command using grep on web server logs could be: grep "/login?next_url=" /path/to/access.log. Additionally, you can use tools like curl or wget to test if the login endpoint improperly redirects when given a crafted next_url parameter, e.g., curl -I "https://yourdomain/login?next_url=https://evil.com" and check for HTTP 3xx redirect responses to external domains. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Blitz Panel to version 1.18.1 or later, where the vulnerability has been fixed. Until the upgrade can be applied, you should consider implementing input validation or filtering on the next_url parameter to restrict redirects only to trusted internal URLs. Additionally, monitoring and alerting on suspicious redirect attempts can help reduce risk. Informing users about the phishing risk and encouraging caution with login URLs containing unexpected redirects is also advisable. [1]
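The allow-list check the mitigation answer describes, together with the log search from the detection answer run over sample access-log lines. This is an added example, not Blitz Panel's own code or the vendor's 1.18.1 fix; the APP_HOST value, the Combined Log Format lines and the evil.example host are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

APP_HOST = "panel.example.internal"  # assumption: host the Blitz Panel instance is served on


def is_safe_next_url(next_url: str, app_host: str = APP_HOST) -> bool:
    """Allow only a same-site relative path or an absolute URL whose host is app_host."""
    if not next_url:
        return False
    # Decode once more (an encoded value may survive framework decoding) and map "\" to "/" as browsers do.
    candidate = unquote(next_url).strip().replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False  # malformed authority, e.g. unbalanced IPv6 brackets
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, mailto: and friends
    if parts.netloc:
        # Exact host match also rejects "app_host@evil.example" and "app_host.evil.example" tricks.
        return parts.hostname == app_host
    # No host at all: accept only a plain path starting with a single slash.
    return candidate.startswith("/") and not candidate.startswith("//")


# Constructed Combined Log Format lines; evil.example stands in for an attacker-controlled host.
SAMPLE_LOG = [
    '10.0.0.5 - - [24/Dec/2025:10:00:01 +0000] "GET /login?next_url=/dashboard HTTP/1.1" 200 512',
    '10.0.0.6 - - [24/Dec/2025:10:00:02 +0000] "GET /login?next_url=https%3A%2F%2Fevil.example%2Fsteal HTTP/1.1" 302 0',
    '10.0.0.7 - - [24/Dec/2025:10:00:03 +0000] "GET /login?next_url=//evil.example HTTP/1.1" 302 0',
    '10.0.0.8 - - [24/Dec/2025:10:00:04 +0000] "GET /login?next_url=https://panel.example.internal/settings HTTP/1.1" 302 0',
    '10.0.0.9 - - [24/Dec/2025:10:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 9000',
]
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def find_unsafe_redirects(log_lines, app_host=APP_HOST):
    """Return (line_number, next_url) for /login requests whose next_url fails the allow-list."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if target.path != "/login":
            continue
        for value in parse_qs(target.query).get("next_url", []):
            if not is_safe_next_url(value, app_host):
                hits.append((number, value))
    return hits
```

Running find_unsafe_redirects over a real access log flags the entries worth alerting on, while is_safe_next_url is the check to apply server-side before issuing the post-login redirect.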
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to redirect authenticated users to malicious domains, potentially leading to phishing attacks and token theft. Such security issues can result in unauthorized access to personal or sensitive data, which may violate compliance requirements under standards like GDPR and HIPAA that mandate protection of user data and secure authentication processes. Therefore, this vulnerability could negatively impact compliance with these regulations by exposing users to data breaches and unauthorized data disclosure. [1]