CVE-2025-66025
- Source
- https://cve.org/CVERecord?id=CVE-2025-66025
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66025.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-66025
- Aliases
-
- GHSA-cf52-h5mw-gmc2
- Published
- 2025-11-26T01:59:06.790Z
- Modified
- 2026-03-10T21:53:26.629754Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Caido Improperly Handles External Links in Markdown
- Details
-
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or other plugins, clicking these injected links could redirect the Caido application to an attacker-controlled domain, enabling phishing style attacks. This issue has been patched in version 0.53.0.
- Database specific
{ "cwe_ids": [ "CWE-74" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66025.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/caido/caido
Affected versions
v0.*
v0.22.1
v0.23.1
v0.24.0
v0.24.1
v0.25.0
v0.25.3
v0.26.0
v0.27.1
v0.27.2
v0.28.0
v0.29.0
v0.29.2
v0.30.0
v0.30.1
v0.30.2
v0.30.3
v0.30.4
v0.31.0
v0.31.1
v0.32.0
v0.32.1
v0.33.0
v0.34.0
v0.34.1
v0.35.0
v0.36.0
v0.36.1
v0.37.0
v0.38.0
v0.39.0
v0.40.0
v0.41.0
v0.42.0
v0.43.0
v0.43.1
v0.44.0
v0.44.1
v0.45.0
v0.45.1
v0.46.0
v0.47.0
v0.47.1
v0.48.0
v0.48.1
v0.49.0
v0.50.0
v0.50.1
v0.50.2
v0.51.0
v0.51.1
v0.52.0