CVE-2026-25198
4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Summary
web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| web2py | web2py | 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior | affected |
Weaknesses
- CWE-601: URL redirection to untrusted site ('Open Redirect')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/web2py/web2py/commit/b4e1ddbd6d40fb30863f6263a67bcdf411a0c6df
- https://github.com/web2py/web2py/releases
- https://web2py.com/
- https://jvn.jp/en/jp/JVN46925341/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.