CVE-2025-34504

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-34504

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34504.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-34504

Published

2025-12-11T22:15:53.640Z

Modified

2026-03-14T15:04:16.272844Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.

References

Affected packages

Git / github.com/kalcaddle/kodexplorer

Affected ranges

Type

GIT

Repo

https://github.com/kalcaddle/kodexplorer

Events

Introduced

Last affected

dfb3597ca4aabf662a0e5f860d4f420fb4e390a4

Fixed

dfb3597ca4aabf662a0e5f860d4f420fb4e390a4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.52"
        }
    ]
}

Affected versions

2.*

2.1

2.61

3.*

3.1

3.12

3.21

3.22

3.23

3.34

3.35

3.36

3.37

3.41

3.43

3.45

3.46

4.*

4.1

4.2

4.21

4.22

4.23

4.24

4.25

4.32

4.34

4.35

4.36

4.38

4.39

4.45

4.46

4.47

4.48.01

4.48.02

4.49

4.49.02

4.50

4.51

4.51.02

4.51.03

v4.*

v4.45

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-34504.json"