CVE-2025-65581

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-65581
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65581.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65581
Aliases
Published
2025-12-16T18:16:14.820Z
Modified
2026-01-09T07:54:41.687692Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
[none]
Details

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.

References

Affected packages

Git / github.com/abpframework/abp

Affected ranges

Type
GIT
Repo
https://github.com/abpframework/abp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10.0
0.11.0
0.12.0
0.13.0
0.14.0
0.15.0
0.16.0
0.17.0.0
0.18.0
0.18.1
0.19.0
0.20.0
0.20.1
0.21.0
0.22.0
0.3.7
0.4.0
0.4.1
0.4.1.1
0.5.0
0.6.0
0.6.1
0.7.0
0.7.1
0.8.0
0.9.0

1.*

1.0.0
1.0.2
1.1.0
1.1.1
1.1.2

10.*

10.0.0-rc.1

2.*

2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.3
2.3.0
2.4.0
2.4.1
2.5.0
2.6.0
2.6.1
2.6.2
2.7.0
2.8.0
2.9.0

3.*

3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0
3.1.0-rc.1
3.1.0-rc.2
3.1.0-rc.3
3.1.0-rc.4
3.1.1
3.1.2
3.2.0
3.2.0-rc.1
3.2.0-rc.2
3.2.1
3.3.0
3.3.0-rc.1
3.3.0-rc.2
3.3.1
3.3.2

4.*

4.0.0
4.0.0-rc.1
4.0.0-rc.2
4.0.0-rc.3
4.0.0-rc.4
4.0.0-rc.5
4.0.1
4.0.2
4.1.0
4.1.0-rc.1
4.1.0-rc.2
4.1.1
4.1.2
4.2.0
4.2.0-rc.1
4.2.0-rc.2
4.2.1
4.2.2
4.3.0
4.3.0-rc.1
4.3.0-rc.2
4.3.1
4.3.2
4.3.3
4.4.0
4.4.0-rc.1
4.4.0-rc.2
4.4.1
4.4.2
4.4.3
4.4.4

5.*

5.0.0
5.0.0-beta.1
5.0.0-beta.2
5.0.0-beta.3
5.0.0-rc.1
5.0.0-rc.2
5.0.1
5.0.2
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.2.0
5.2.0-rc.1
5.2.0-rc.2
5.2.1
5.2.2
5.3.0
5.3.0-rc.1
5.3.0-rc.2
5.3.0-rc.3
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5

6.*

6.0.0
6.0.0-rc.1
6.0.0-rc.2
6.0.0-rc.3
6.0.0-rc.4
6.0.0-rc.5
6.0.1
6.0.2
6.0.3

7.*

7.0.0
7.0.0-rc.1
7.0.0-rc.2
7.0.0-rc.3
7.0.0-rc.4
7.0.0-rc.5
7.0.0-rc.6
7.0.1
7.0.2
7.0.3
7.1.0
7.1.0-rc.1
7.1.0-rc.2
7.1.0-rc.3
7.1.1
7.2.0-rc.1
7.2.0-rc.2
7.2.1
7.2.2
7.2.3
7.3.0
7.3.0-rc.1
7.3.0-rc.2
7.3.0-rc.3
7.3.1
7.3.2
7.3.3
7.4.0
7.4.0-rc.1
7.4.0-rc.2
7.4.0-rc.3
7.4.0-rc.4
7.4.0-rc.5
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5

8.*

8.0.0
8.0.0-rc.1
8.0.0-rc.2
8.0.0-rc.3
8.0.1
8.0.2
8.0.3
8.0.4
8.0.5
8.0.6
8.1.0
8.1.0-rc.1
8.1.0-rc.2
8.1.0-rc.3
8.1.0-rc.4
8.1.1
8.1.2
8.1.3
8.1.4
8.1.5
8.2.0
8.2.0-rc.1
8.2.0-rc.2
8.2.0-rc.3
8.2.0-rc.4
8.2.0-rc.5
8.2.1
8.2.2
8.2.3
8.3.0
8.3.0-rc.1
8.3.0-rc.2
8.3.0-rc.3
8.3.1
8.3.2
8.3.3
8.3.4

9.*

9.0.0
9.0.0-rc.1
9.0.0-rc.2
9.0.0-rc.3
9.0.1
9.0.2
9.0.3
9.0.4
9.0.5
9.0.6
9.0.7
9.0.8
9.1.0
9.1.0-rc.1
9.1.0-rc.2
9.1.0-rc.3
9.1.1
9.1.2
9.1.3
9.2.0
9.2.0-rc.1
9.2.0-rc.2
9.2.0-rc.3
9.2.0-rc.4
9.2.1
9.2.2
9.2.3
9.2.4
9.3.0
9.3.0-rc.1
9.3.0-rc.2
9.3.0-rc.3
9.3.0-rc.4
9.3.1
9.3.2
9.3.3
9.3.4
9.3.5

v0.*

v0.3.1
v0.3.2
v0.3.2.1
v0.3.2.2
v0.3.3
v0.3.3.1
v0.3.3.2
v0.3.4
v0.3.5
v0.3.6
v0.6.2

v9.*

v9.2.0-preview

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65581.json"