Unknown · Diracx-Web · CVE-2025-54066
**Name of the Vulnerable Software and Affected Versions**
DiracX-Web versions prior to 0.1.0-a8
**Description**
DiracX-Web is a web application that provides an interface for interacting with the DiracX services. An attacker can craft a login link that, once the user has authenticated, redirects them to an arbitrary website (an open redirect). The application's `redirect` field on the login page is not validated and is susceptible to parameter pollution (the parameter supplied more than once in the same request), which lets an attacker hide the malicious URI behind an innocuous-looking one. This could be used for phishing and credential theft.
**Recommendations**
Update to version 0.1.0-a8 or later.