CVE-2025-64481

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-64481

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64481.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-64481

Aliases

GHSA-w832-gg5g-x44m

Published

2025-11-07T20:35:39.827Z

Modified

2025-11-20T10:09:32.578507Z

Severity

0.0 (None) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N CVSS Calculator

Summary

Open redirect endpoint in Datasette

Details

Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.

Database specific

{
    "cwe_ids": [
        "CWE-601"
    ]
}

References

Affected packages

Git / github.com/simonw/datasette

Affected ranges

Type

GIT

Repo

https://github.com/simonw/datasette

Events

Introduced

Fixed

6a141467f9f8b05c84bc00c10e157962e3e43960

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.65.2"
        }
    ]
}

Type

GIT

Repo

https://github.com/simonw/datasette

Events

Introduced

4a0bd960e9763623dae6a13c8af3810c4ce9fb0a

Fixed

95a1fef28000d0b44ceaa398421530f588c5c385

Database specific

{
    "versions": [
        {
            "introduced": "1.0a0"
        },
        {
            "fixed": "1.0a20"
        }
    ]
}

Affected versions

0.*

0.10

0.11

0.12

0.13

0.14

0.15

0.16

0.17

0.18

0.19

0.20

0.21

0.22

0.22.1

0.23

0.23.1

0.23.2

0.24

0.25

0.25.1

0.25.2

0.26

0.26.1

0.26.2

0.27

0.28

0.29

0.29.1

0.29.2

0.29.3

0.30

0.30.1

0.30.2

0.31

0.31.1

0.31.2

0.32

0.33

0.34

0.35

0.36

0.37

0.37.1

0.38

0.39

0.40

0.41

0.42

0.43

0.44

0.45

0.45a0

0.45a1

0.45a2

0.45a3

0.45a4

0.45a5

0.46

0.47

0.47.1

0.47.2

0.47.3

0.48

0.49

0.49.1

0.49a0

0.49a1

0.50

0.50.1

0.50.2

0.50a0

0.50a1

0.51

0.51.1

0.51a0

0.51a1

0.51a2

0.52

0.52.1

0.52.2

0.52.3

0.52.4

0.53

0.54

0.54a0

0.55

0.56

0.57

0.57.1

0.57a0

0.57a1

0.58

0.58.1

0.58a0

0.58a1

0.59

0.59.1

0.59.2

0.59.3

0.59.4

0.59a0

0.59a1

0.59a2

0.60

0.60a0

0.60a1

0.61

0.61.1

0.61a0

0.62

0.62a0

0.62a1

0.63

0.63.1

0.63.2

0.63.3

0.63a0

0.63a1

0.64

0.64.1

0.64.2

0.64.3

0.64.4

0.64.5

0.64.6

0.64.7

0.64.8

0.65

0.65.1

0.7

0.8

0.9

1.*

1.0a0

1.0a1

1.0a10

1.0a11

1.0a12

1.0a13

1.0a14

1.0a15

1.0a16

1.0a17

1.0a18

1.0a19

1.0a2

1.0a3

1.0a4

1.0a5

1.0a6

1.0a8

1.0a9