CVE-2025-67502
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-16
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| taguette | taguette | to 1.5.2 (inc) |
| taguette | taguette | 1.5.2 |
| taguette | taguette | 1.5.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Taguette versions 1.5.1 and below allows attackers to create malicious URLs that redirect users to arbitrary external websites after they authenticate. The application uses a user-controlled 'next' parameter directly in HTTP redirects without validating it, enabling attackers to perform phishing attacks by redirecting victims from a trusted Taguette instance to malicious sites designed to steal credentials or deliver malware.
How can this vulnerability impact me? :
This vulnerability can lead to phishing attacks where users believe they are interacting with a legitimate Taguette instance but are redirected to malicious websites. This can result in stolen credentials or malware infections, potentially compromising user accounts and system security.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Taguette to version 1.5.2 or later, as this version contains the fix for the vulnerability involving unvalidated redirects via the next parameter.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can lead to phishing attacks, credential theft, and malware distribution by redirecting users to malicious external sites after authentication. Such security incidents can result in unauthorized access to personal or sensitive data, potentially violating data protection regulations like GDPR and HIPAA that require safeguarding user data and ensuring secure authentication processes. Therefore, the presence of this vulnerability may negatively impact compliance with these standards by increasing the risk of data breaches and unauthorized data exposure. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the Taguette instance for URLs containing the 'next' parameter with external domains. For example, you can use network traffic inspection tools or web server logs to search for requests where the 'next' parameter points to an external URL. A simple command to search web server logs for such patterns could be: grep -E 'next=https?://[^/]' access.log. Additionally, you can test manually by attempting to access URLs like https://[your-taguette-instance]/login?next=https://malicious-site.com and observe if the redirect occurs after login or cookie acceptance. Detecting redirects to external sites after login or cookie acceptance indicates the presence of the vulnerability. [2]