CVE-2025-4838

Name of the Vulnerable Software and Affected Versions: kanwangzjm Funiture versions up to 71ca0fb0658b3d839d9e049ac36429207f05329b

Description: A problematic issue was found in the doPost function of the LoginServlet.java file, affecting the Login component. The manipulation of the ret argument leads to an open redirect. This issue can be exploited remotely.

Recommendations: For versions up to 71ca0fb0658b3d839d9e049ac36429207f05329b, as a temporary workaround, consider restricting access to the doPost function of the LoginServlet.java file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.