CVE-2025-8813

Aug. 10, 2025, 3:15 p.m.

5.1
Medium

Description

A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue.

Product(s) Impacted

Vendor Product Versions
Atjiu
  • Pybbs
  • <6.0.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a atjiu pybbs <6.0.0 / / / / / / /

References

https://github.com/atjiu/pybbs/commit/edb14ff13e9e05394960ba46c3d31d844ff2deac
https://github.com/atjiu/pybbs/issues/210
https://github.com/atjiu/pybbs/issues/210#issue-3256474679
https://github.com/atjiu/pybbs/issues/210#issuecomment-3134906856
https://vuldb.com/?ctiid.319342
https://vuldb.com/?id.319342
https://vuldb.com/?submit.622333

Tags

CWE-601
cna@vuldb.com
2025-08-10
CVE-2025-8813

CVSS Score

5.1 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Attack Requirements: NONE
  • Privileges Required: LOW
  • User Interaction: PASSIVE
  • Scope:
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE
  • Exploit Maturity: PROOF_OF_CONCEPT

    • CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: Aug. 10, 2025, 3:15 p.m.
Last Modified: Aug. 10, 2025, 3:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.