PT-2025-21568 · Horilla

Saharshtapi · Published 2025-05-15 · Updated 2025-05-15 · CVE-2025-47789

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.3

Description: Horilla is a free and open source Human Resource Management System (HRMS). In affected versions, an attacker can manipulate a Horilla URL to refer to an external domain. Upon clicking and logging in, the user is redirected to this external domain, allowing redirection to any arbitrary site, including phishing or malicious domains. This can be used to impersonate Horilla and trick users.

Recommendations: For versions prior to 1.3, update to a version that includes the fix commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 to resolve the issue. As a temporary workaround, consider restricting access to external domains from within Horilla to minimize the risk of exploitation.
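The weakness described above is the classic post-login open redirect: a "next" style parameter is taken from the URL and used as the redirect target without checking that it stays on the application's own host. The following is an added illustration written for this advisory, not Horilla's code and not the content of the fix commit; the host names, the `ALLOWED_HOSTS` set and the function names are constructed for the example. In a Django application the equivalent check is normally done with `django.utils.http.url_has_allowed_host_and_scheme`; the standalone validator below shows what such a check has to cover, including the bypass shapes (protocol-relative URLs, backslashes, foreign schemes and userinfo tricks) that a naive "does it start with a slash" test misses.

```python
from urllib.parse import urlsplit

# Hosts this deployment actually serves (constructed sample value).
ALLOWED_HOSTS = {"hr.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def vulnerable_login_redirect(next_param: str, default: str = "/") -> str:
    """The unsafe pattern: whatever the URL says is where the user goes."""
    return next_param or default


def is_safe_redirect_target(target: str, allowed_hosts=None) -> bool:
    """Return True only if `target` keeps the user on one of our own hosts.

    Rejects the usual open-redirect bypass shapes:
      - protocol-relative URLs       ("//evil.example/")
      - backslash variants            ("/\\evil.example", normalised by browsers)
      - non-http(s) schemes           ("javascript:", "data:")
      - absolute URLs to another host ("https://evil.example/")
      - userinfo tricks               ("https://hr.example.com@evil.example/")
    """
    hosts = allowed_hosts if allowed_hosts is not None else ALLOWED_HOSTS
    if not target:
        return False
    target = target.strip()
    # Browsers treat a backslash as a path separator, so normalise before
    # parsing; otherwise "/\evil.example" looks like a harmless local path.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)

    if parts.scheme and parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.netloc:
        # Absolute or protocol-relative URL: the parsed host (not the raw
        # netloc, which may carry userinfo) must be one of ours.
        return parts.hostname is not None and parts.hostname.lower() in hosts
    # No authority component: accept only a root-relative path, and never
    # anything beginning with "//" (which urlsplit may leave with an empty
    # netloc for inputs such as "///evil.example").
    return normalised.startswith("/") and not normalised.startswith("//")


def login_redirect(next_param: str, default: str = "/") -> str:
    """The hardened pattern: fall back to a fixed local page when the target
    fails validation instead of trusting the URL parameter."""
    return next_param if is_safe_redirect_target(next_param) else default


if __name__ == "__main__":
    for candidate in ["/dashboard", "//evil.example/", "/\\evil.example",
                      "https://hr.example.com/dashboard", "javascript:alert(1)"]:
        print(f"{candidate!r:40} -> {login_redirect(candidate)}")
```

The fallback on rejection is a fixed local page rather than an error, so a user who followed a tampered link still lands inside the application. Comparing `parts.hostname` instead of the raw `netloc` is what defeats the `user@host` form; the port is deliberately ignored, so if a deployment must pin ports it should compare `netloc` against an explicit allow-list instead.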

Weakness Enumeration

Open Redirect

Related Identifiers

CVE-2025-47789
GHSA-CQP5-XX4J-R468

Affected Products

Horilla