6.1
CVE-2025-14692
- EPSS 0.4%
- Veröffentlicht 14.12.2025 23:32:09
- Zuletzt bearbeitet 29.04.2026 01:00:01
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginMayan EDMS authentication redirect
A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficient to resolve this issue. The affected component should be upgraded. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mayan-edms ≫ Mayan Edms Version < 4.10.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.317 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| cna@vuldb.com | 2.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://docs.mayan-edms.com/chapters/releases/4.10.2.html
https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
https://vuldb.com/?id.336410
https://vuldb.com/?ctiid.336410
https://vuldb.com/?submit.711729
https://github.com/ionutluca888/Mayan-EDMS-OpenRedirect-POC/tree/main