PT-2025-34076 · Unknown · Onboardlite
Bestdevofc
·
Published
2025-08-20
·
Updated
2025-08-21
·
CVE-2025-55751
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions:
OnboardLite versions with commit hash 6cca19e or later
Description:
An attacker can manipulate a link to the trusted application, redirecting users to a malicious external site upon access. This enables phishing, credential theft, malware delivery, and trust abuse. Any version with commit hash 6cca19e or later implements JWT signing for the redirect URL parameter.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Onboardlite