CVE-2025-64115

Exploit

EPSS 0.21%
Veröffentlicht 30.10.2025 17:39:19
Zuletzt bearbeitet 08.12.2025 15:34:33
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Movary unvalidated Referer header allows open redirect and phishing

Movary is a web application to track, rate and explore your movie watch history. Versions up to and including 0.68.0 use the HTTP Referer header value directly for redirects in multiple settings endpoints, allowing a crafted link to cause an open redirect to an attacker-controlled site and facilitate phishing. This vulnerability is fixed in 0.69.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Leepeuker ≫ Movary Version < 0.69.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.107

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/leepeuker/movary/security/advisories/GHSA-pm58-79jw-q79f

Third Party Advisory

Exploit

https://github.com/leepeuker/movary/pull/713

Issue Tracking

https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-64115

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64115

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64115

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-64115