CVE-2025-71244

Source
https://cve.org/CVERecord?id=CVE-2025-71244
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71244.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-71244
Published
2026-02-19T16:27:12.507Z
Modified
2026-02-26T01:23:43.459819Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridden to function in AJAX mode. It is not mitigated by the SPIP security screen.

Affected packages

Git / git.spip.net/spip/spip

Affected ranges

Type
GIT
Repo
https://git.spip.net/spip/spip
Events
Introduced
34c023d47b424b5b4daebe8be37e2c4f1142ebc0
Fixed
c0848b9773e05d010ab16486f3096f85761628b0
Introduced
d018791680e65c1415b84efdfb89f6c96ba8c34a
Fixed
ef79547f022e880642b5fc83a0e25811eef8bdda

Affected versions

4.*
4.3.6
4.3.7
4.3.8
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
v4.*
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-71244.json"