Common Weakness Enumeration

CWE-698

Allowed

Execution After Redirect (EAR)

Abstraction: Base · Status: Incomplete

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

31 vulnerabilities reference this CWE, most recent first.

GHSA-QCVR-PQ9V-99VC

Vulnerability from github – Published: 2025-07-29 06:30 – Updated: 2025-07-29 06:30
VLAI
Details

An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-698"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-29T05:15:31Z",
    "severity": "MODERATE"
  },
  "details": "An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.",
  "id": "GHSA-qcvr-pq9v-99vc",
  "modified": "2025-07-29T06:30:21Z",
  "published": "2025-07-29T06:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53077"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungda.com/securityUpdates.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.