CVE-2025-70037
Open Redirect in linagora Twake Enables Code Execution
Publication date: 2026-03-09
Last updated on: 2026-03-13
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linagora | twake | 2023.q1.1223 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-70037 is a vulnerability found in linagora Twake version v2023.Q1.1223. It is classified under CWE-601, which involves URL Redirection to Untrusted Site.
This vulnerability allows attackers to redirect users to malicious or untrusted websites, potentially leading to phishing attacks or the exposure of sensitive information by deceiving users into visiting harmful sites.
How can this vulnerability impact me?
This vulnerability can impact you by enabling attackers to redirect you to malicious websites where your sensitive information could be stolen.
It may also allow attackers to execute arbitrary code, which could compromise your system or data security.
Overall, it increases the risk of phishing attacks and unauthorized access to sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves URL redirection to untrusted sites in linagora Twake version v2023.Q1.1223. Detection typically involves identifying if the application redirects users to external or untrusted URLs without proper validation.
Since the vulnerability is related to URL redirection, you can monitor HTTP traffic or logs for suspicious redirect patterns or unexpected external URLs.
Specific commands to detect this vulnerability are not provided in the available resources.
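One way to do the log monitoring described above, as an added example that is not from the advisory or from the Twake project: it flags requests that received a 3xx response while carrying a query parameter that points to a host outside an allowlist. The trusted hostname, the paths, the parameter names and the log lines are all constructed assumptions, since the page does not name the affected endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: hostnames this deployment legitimately redirects to.
TRUSTED_HOSTS = {"twake.example.org"}

# Constructed access-log lines; paths and parameter names are illustrative only.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2026:10:00:01 +0000] "GET /login?next=/channels HTTP/1.1" 302 0
203.0.113.9 - - [10/Mar/2026:10:00:07 +0000] "GET /login?next=https%3A%2F%2Flogin.example.net%2F HTTP/1.1" 302 0
203.0.113.9 - - [10/Mar/2026:10:00:09 +0000] "GET /out?url=%2F%2Fcdn.example.net/a HTTP/1.1" 302 0
198.51.100.2 - - [10/Mar/2026:10:00:12 +0000] "GET /login?next=https://twake.example.org/home HTTP/1.1" 302 0
198.51.100.2 - - [10/Mar/2026:10:00:15 +0000] "GET /search?q=https://other.example.net HTTP/1.1" 200 512
"""

# Request target and status code from a common/combined log format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})\b')


def external_host(value):
    """Return the host a parameter value points to, or None if local or trusted."""
    # Decode once more for double-encoded values; browsers treat "\" like "/".
    candidate = unquote(value).strip().replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return None
    # Only absolute http(s) URLs and scheme-relative "//host" values leave the site.
    if parts.scheme not in ("", "http", "https") or not parts.netloc:
        return None
    host = parts.hostname  # drops userinfo and port, lowercases the name
    return host if host and host not in TRUSTED_HOSTS else None


def find_suspicious_redirects(log_text):
    """List (path, parameter, host) for 3xx responses with an external URL parameter."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match or not match.group(2).startswith("3"):
            continue
        target = urlsplit(match.group(1))
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            host = external_host(value)
            if host:
                findings.append((target.path, name, host))
    return findings


if __name__ == "__main__":
    for path, param, host in find_suspicious_redirects(SAMPLE_LOG):
        print(f"{path}: parameter {param!r} points to external host {host}")
```

A hit means only that a redirecting request carried an external URL; confirming an open redirect still requires checking that the response's Location header actually used that value.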
What immediate steps should I take to mitigate this vulnerability?
The vulnerability allows attackers to redirect users to malicious or untrusted websites, potentially leading to phishing or exposure of sensitive information.
Immediate mitigation steps generally include updating linagora Twake to a version where this vulnerability is fixed or applying patches if available.
Additionally, implementing strict validation and sanitization of URLs used in redirection within the application can help prevent exploitation.
No specific mitigation commands or patches are detailed in the provided resources.