Refine your search
1 vulnerability found for by kodcloud
CVE-2025-34504 (GCVE-0-2025-34504)
Vulnerability from cvelistv5
Published
2025-12-11 21:43
Modified
2025-12-16 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kodcloud | KodExplorer |
Version: 4.52 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34504",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T16:26:00.735446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:27:52.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KodExplorer",
"vendor": "kodcloud",
"versions": [
{
"status": "affected",
"version": "4.52"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rahad Chowdhury"
}
],
"datePublic": "2024-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eKodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the \u0027link\u0027 parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.\u003c/p\u003e"
}
],
"value": "KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the \u0027link\u0027 parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T21:43:45.437Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52245",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52245"
},
{
"name": "KodExplorer Homepage",
"tags": [
"product"
],
"url": "https://kodcloud.com/"
},
{
"name": "KodExplorer Release Page",
"tags": [
"product"
],
"url": "https://github.com/kalcaddle/KodExplorer/releases/tag/4.52"
},
{
"name": "VulnCheck Advisory: KodExplorer 4.52 Open Redirect Vulnerability via User Login Endpoint",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kodexplorer-open-redirect-vulnerability-via-user-login-endpoint"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "KodExplorer 4.52 Open Redirect Vulnerability via User Login Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34504",
"datePublished": "2025-12-11T21:43:45.437Z",
"dateReserved": "2025-04-15T19:15:22.611Z",
"dateUpdated": "2025-12-16T16:27:52.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}