CVE-2025-55751

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-55751

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55751.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-55751

Aliases

GHSA-p8c5-qp4c-qr2m

Published

2025-08-20T15:31:48.496Z

Modified

2026-04-02T12:55:34.438058Z

Severity

5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N CVSS Calculator

Summary

OnboardLite Open Redirect Endpoint

Details

OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida. An attacker can craft a link to the trusted application that, when visited, redirects the user to a malicious external site. This enables phishing, credential theft, malware delivery, and trust abuse. Any version with commit hash 6cca19e or later implements jwt signing for the redirect url parameter.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55751.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-601"
    ]
}

References

Affected packages

Git / github.com/hackucf/onboardlite

Affected ranges

Type: GIT
Repo: https://github.com/hackucf/onboardlite
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6cca19ea4f47af125caa08ef82594844f039e07e

Affected versions

Other

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55751.json"