PT-2025-31355 · Koa · Koa
Published 2025-07-29 · Updated 2025-07-29 · CVE-2025-54420

| Metric | Value |
|---|---|
| Score | 3.5 (Low) |
| Base vector | AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
### Name of the Vulnerable Software and Affected Versions:
Koa (affected versions not specified)
### Description:
The special `'back'` argument accepted by Koa's redirect operation uses the user-controllable `Referrer` request header as the redirect target, creating an open redirect condition. When `response.redirect()` is called with the `'back'` argument, it reads the `Referrer` header from the incoming request. If the header is present, the response redirects to whatever URL it contains; if it is absent, the response redirects to the `alt` value or, failing that, to the root path (`/`). Because the header is supplied by the client, anyone who can influence the `Referrer` value of a request can control where the user is sent.
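To make the behaviour concrete, the following added example (not Koa's own code, and not the upstream fix) reproduces the `'back'` resolution the advisory describes beside a hardened variant that only honours a `Referrer` whose origin matches the application's own; the `appOrigin` parameter and the sample requests are constructed for the example.

```javascript
// Added example (not Koa's code): unsafe "back" target resolution as described
// in the advisory, beside a same-origin-only version. Node's built-in URL is
// used; there is no Koa dependency, so the file runs stand-alone.

// Mirrors the described logic: Referrer wins if present, otherwise alt, else "/".
// Any absolute URL placed in Referrer becomes the Location target unchanged.
function unsafeBackTarget(referrer, alt) {
  return referrer || alt || '/';
}

// Hardened variant (an assumed design): the Referrer is used only when it parses
// as an absolute http(s) URL whose origin equals appOrigin; anything else falls
// back to alt or "/". Relative and scheme-relative values are rejected because
// new URL() without a base throws on them.
function safeBackTarget(referrer, alt, appOrigin) {
  const fallback = alt || '/';
  if (!referrer) return fallback;
  let parsed;
  try {
    parsed = new URL(referrer);
  } catch {
    return fallback;
  }
  if (!/^https?:$/.test(parsed.protocol) || parsed.origin !== appOrigin) {
    return fallback;
  }
  // Emit only path and query so the Location header can never leave the site.
  return parsed.pathname + parsed.search;
}

// Constructed sample requests; the hostnames are placeholders, not real traffic.
const samples = [
  { referrer: 'https://app.example/orders?page=2', alt: '/home' },
  { referrer: 'https://other.example/landing', alt: '/home' },
  { referrer: '//other.example/landing', alt: '/home' },
  { referrer: undefined, alt: undefined },
];

for (const s of samples) {
  console.log(
    JSON.stringify(s.referrer), '->',
    'unsafe:', unsafeBackTarget(s.referrer, s.alt),
    '| safe:', safeBackTarget(s.referrer, s.alt, 'https://app.example'),
  );
}
```

Running the file shows the unsafe resolver echoing the foreign origin into the redirect target while the hardened one collapses it to the fallback path.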
### Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
### Weakness Enumeration:
Open Redirect
### References (12):
- https://nvd.nist.gov/vuln/detail/CVE-2025-54420 · Security Note
- https://osv.dev/vulnerability/GHSA-jgmv-j7ww-jx2x · Vendor Advisory
- https://github.com/koajs/koa/security/advisories/GHSA-jgmv-j7ww-jx2x · Note
- https://github.com/koajs/koa/commit/422c551c63d00f24e2bbbdf492f262a5935bb1f0 · Note
- https://github.com/koajs/koa · Note
- https://github.com/koajs/koa/issues/1892#issue-3213028583 · Note
- https://github.com/koajs/koa/issues/1892 · Note
- https://twitter.com/VulmonFeeds/status/1950266998316781854 · Twitter Post
- https://t.me/CVEtracker/28679 · Telegram Post
- https://vuldb.com/?ctiid.317514 · Note
- https://vuldb.com/?id.317514 · Note
- https://vuldb.com/?submit.619741 · Note