CVE-2025-0970

Name of the Vulnerable Software and Affected Versions Zenvia Movidesk versions up to 25.01.22

Description A vulnerability was found in Zenvia Movidesk, affecting an unknown functionality of the file /Account/Login. The manipulation of the ReturnUrl argument leads to open redirect. The attack can be launched remotely.

Recommendations For Zenvia Movidesk versions up to 25.01.22, upgrade to version 25.01.22.245a473c54 to address this issue. As a temporary workaround, consider restricting access to the /Account/Login endpoint until the upgrade is applied. Avoid using the ReturnUrl argument in the affected endpoint until the issue is resolved.