CVE-2025-64754

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-64754

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64754.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-64754

Aliases

GHSA-5fx7-wgcr-fj78

Published

2025-11-13T21:48:08.692Z

Modified

2026-03-13T03:38:29.870841Z

Severity

2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

Jitsi Meet has DOM Redirect on Microsoft OAuth Flow

Details

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64754.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-601"
    ]
}

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64754.json"