CVE-2025-67502

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-67502
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-67502.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-67502
Aliases
Published
2025-12-09T23:53:39.474Z
Modified
2025-12-10T02:50:31.350717Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
Taguette does not safeguard against Open Redirect
Details

Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without any validation. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware. This issue is fixed in version 1.5.2.
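
The unvalidated use of next described above, beside one way to restrict it to same-site paths. This is an added example, not Taguette's code or its 1.5.2 fix; the function names, the default target and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed landing page, not taken from Taguette


def unvalidated_target(next_value):
    """The pattern the advisory describes: `next` is used as-is."""
    return next_value or DEFAULT_TARGET


def safe_target(next_value, default=DEFAULT_TARGET):
    """Return `next_value` only when it is a path on this site."""
    if not next_value:
        return default
    # Browsers treat "\" like "/" and drop tabs and newlines while parsing,
    # so "/\host" and "/<TAB>/host" can both end up as "//host".
    if "\\" in next_value:
        return default
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_value):
        return default
    # Exactly one leading slash: "//host/..." is a scheme-relative URL.
    if not next_value.startswith("/") or next_value.startswith("//"):
        return default
    # Defence in depth: a local path has neither scheme nor authority.
    parts = urlsplit(next_value)
    if parts.scheme or parts.netloc:
        return default
    return next_value


# Constructed sample values for the `next` parameter.
SAMPLES = [
    "/project/3/highlights?tab=docs",
    "https://attacker.example/login",
    "//attacker.example/login",
    "/\\attacker.example/login",
    "/\t/attacker.example/login",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", unvalidated_target(value), "|", safe_target(value))
```

Only the first sample survives validation; every other value falls back to the default target instead of leaving the site.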

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67502.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

Git / github.com/remram44/taguette

Affected ranges

Type
GIT
Repo
https://github.com/remram44/taguette
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.5.2"
        }
    ]
}

Affected versions

v0.*

v0.0
v0.1
v0.10
v0.10.1
v0.11
v0.2
v0.3
v0.4
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5
v0.5-alpha.0
v0.6
v0.7
v0.8
v0.9
v0.9.1
v0.9.2

v1.*

v1.0.0
v1.1.0
v1.1.1
v1.2.0
v1.3.0
v1.4.1
v1.5.0
v1.5.1