PT-2025-13686 · Ejbca · Ejbca

Published: 2025-03-31 · Updated: 2025-10-10 · CVE-2025-3027

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: EJBCA version 8.0 Enterprise

Description: The issue exists in the EJBCA service. A small change to the PATH component of a URL associated with the service causes the server to fail to locate the requested file, and instead of returning a not-found response it redirects the client to an external page. This could allow users to be redirected to potentially malicious external sites, which can be exploited for phishing or other social engineering attacks.

Recommendations: For EJBCA version 8.0 Enterprise, consider restricting access to external redirects until a patch is available. As a temporary workaround, review and validate all URL paths associated with the EJBCA service to prevent unauthorized redirects.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BIT-EJBCA-2025-3027
CVE-2025-3027

Affected Products

Ejbca