CVE-2025-60935
Unknown Unknown - Not Provided
Open Redirect in Blitz Panel Login Enables Phishing Attacks

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: MITRE

Description
An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-60935
EUVD
EUVD-2025-205287
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
blitz_panel blitz_panel 1.17.0
blitz panel 1.17.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows attackers to redirect authenticated users to malicious domains, potentially leading to phishing attacks and token theft. Such security issues can result in unauthorized access to personal or sensitive data, which may violate compliance requirements under standards like GDPR and HIPAA that mandate protection of user data and secure authentication processes. Therefore, this vulnerability could negatively impact compliance with these regulations by exposing users to data breaches and unauthorized data disclosure. [1]

Executive Summary

CVE-2025-60935 is an open redirect vulnerability in Blitz Panel version 1.17.0, specifically in the login endpoint. The vulnerability occurs because the application does not properly validate the 'next_url' parameter after a user successfully authenticates. An attacker can craft a malicious login URL containing a 'next_url' parameter that redirects authenticated users to an attacker-controlled external domain. This can lead users to phishing sites or cause token theft. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to redirect authenticated users to malicious websites, which can be used for phishing attacks or stealing session tokens. This can compromise user accounts and sensitive information by tricking users into interacting with attacker-controlled domains after login. [1]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the /login endpoint of Blitz Panel version 1.17.0 for the presence of the "next_url" parameter containing external or suspicious domains. For example, you can use network traffic inspection tools or web server logs to search for URLs matching the pattern: /login?next_url= followed by an external domain. A simple command using grep on web server logs could be: grep "/login?next_url=" /path/to/access.log. Additionally, you can use tools like curl or wget to test if the login endpoint improperly redirects when given a crafted next_url parameter, e.g., curl -I "https://yourdomain/login?next_url=https://evil.com" and check for HTTP 3xx redirect responses to external domains. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade Blitz Panel to version 1.18.1 or later, where the vulnerability has been fixed. Until the upgrade can be applied, you should consider implementing input validation or filtering on the next_url parameter to restrict redirects only to trusted internal URLs. Additionally, monitoring and alerting on suspicious redirect attempts can help reduce risk. Informing users about the phishing risk and encouraging caution with login URLs containing unexpected redirects is also advisable. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-60935. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart