PT-2025-30726 · Koajs · Koajs

Zast.Ai · Published 2025-07-25 · Updated 2026-01-20 · CVE-2025-8129

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Koa versions up to 3.0.0

Description

A problematic issue exists in KoaJS Koa. The back function within the HTTP Header Handler component, located in lib/response.js, is susceptible to open redirect attacks through manipulation of the Referrer argument. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations

Versions prior to 3.0.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
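
The Description above concerns a redirect target taken from the Referrer request header. The following is an added example, not Koa's code and not a published fix: one way an application can validate that value itself before redirecting back. The names safeBackTarget and isLocalPath, the hosts app.example and evil.example, and the sample values are constructed for illustration.

```javascript
'use strict';
// Added example (hypothetical helper names, constructed sample data).
// Accept a "redirect back" target only when it stays on the application's own origin.

// A local path starts with exactly one "/"; "//host" is a scheme-relative URL.
function isLocalPath(p) {
  return p.startsWith('/') && !p.startsWith('//');
}

function safeBackTarget(referrer, requestOrigin, fallback = '/') {
  if (typeof referrer !== 'string' || referrer === '') return fallback;
  // Control characters, spaces and backslashes are normalised differently
  // by browsers and servers, so refuse them outright.
  if (/[\x00-\x20\x7f\\]/.test(referrer)) return fallback;
  if (referrer.startsWith('/')) return isLocalPath(referrer) ? referrer : fallback;

  let target, origin;
  try {
    target = new URL(referrer);
    origin = new URL(requestOrigin);
  } catch {
    return fallback; // unparsable or relative value: do not echo it back
  }
  if (!/^https?:$/.test(target.protocol)) return fallback;
  if (target.origin !== origin.origin) return fallback;

  // Emit path + query only, so Location never carries a host from the request.
  const path = target.pathname + target.search;
  return isLocalPath(path) ? path : fallback;
}

// Constructed Referrer values, checked against an assumed origin.
const samples = [
  'https://app.example/cart?item=1',     // same origin: kept as a path
  '/profile',                            // local path: kept
  'https://evil.example/login',          // other origin: fallback
  '//evil.example/',                     // scheme-relative: fallback
  'https://app.example@evil.example/',   // userinfo trick: fallback
  'https://app.example//evil.example/',  // path would begin with "//": fallback
];
for (const s of samples) {
  console.log(s, '->', safeBackTarget(s, 'https://app.example'));
}
```

In a handler, the returned value would be passed to the redirect call in place of the raw header, with the fallback set to a fixed application path.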

Exploit

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2025-8129
GHSA-JGMV-J7WW-JX2X
GHSA-MVW6-62QV-VMQF

Affected Products

Koajs