CVE-2025-11273

Summary

A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function redirectToAuthorization of the file /src/main/services/mcp/oauth/provider.ts. The manipulation of the argument URL results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LaChatterieVerger1.2.0affected
LaChatterieVerger1.2.1affected
LaChatterieVerger1.2.2affected
LaChatterieVerger1.2.3affected
LaChatterieVerger1.2.4affected
LaChatterieVerger1.2.5affected
LaChatterieVerger1.2.6affected
LaChatterieVerger1.2.7affected
LaChatterieVerger1.2.8affected
LaChatterieVerger1.2.9affected
LaChatterieVerger1.2.10affected

Weaknesses

  • CWE-502: Deserialization
  • CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References