PT-2025-44442 · Movary · Movary

Published: 2025-10-30 · Updated: 2025-12-08 · CVE-2025-64115

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Movary versions prior to 0.69.0

Description

Movary, a web application for tracking movie watch history, is susceptible to an open redirect. Versions up to and including 0.68.0 use the value of the HTTP Referer header directly, without validation, as the redirect target in multiple settings endpoints. An attacker can craft a malicious link that redirects users to an attacker-controlled site, potentially enabling phishing attacks. The issue is addressed in version 0.69.0.

Recommendations

Upgrade to version 0.69.0 or later.
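
For teams reviewing their own PHP handlers for the same pattern, the following added example (not Movary's code and not the 0.69.0 fix) shows one way to derive a redirect target from a Referer value so that only same-site paths reach the `Location` header. The function name `safeRedirectTarget`, the host `movary.example`, and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return a same-site, path-only redirect target derived from a Referer value,
 * or $fallback when the value does not point at $expectedHost.
 * $expectedHost should come from application configuration, not from the request.
 */
function safeRedirectTarget(?string $referer, string $expectedHost, string $fallback = '/'): string
{
    // Missing header, or control characters that could split the response header.
    if ($referer === null || $referer === '' || preg_match('/[\x00-\x1F\x7F]/', $referer) === 1) {
        return $fallback;
    }

    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }

    // Only http(s) URLs on the application's own host are accepted.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || strcasecmp($parts['host'], $expectedHost) !== 0) {
        return $fallback;
    }

    // Rebuild a path-only target so scheme and host never reach the Location header.
    $path = $parts['path'] ?? '/';
    if ($path === '' || $path[0] !== '/' || str_starts_with($path, '//') || str_contains($path, '\\')) {
        return $fallback;
    }

    return isset($parts['query']) ? $path . '?' . $parts['query'] : $path;
}

// Constructed sample Referer values; "movary.example" is a placeholder host.
$samples = [
    'https://movary.example/settings/account?tab=general', // same site: path and query kept
    'https://attacker.example/login',                      // foreign host
    'https://movary.example.attacker.example/settings',    // look-alike host
    'https://movary.example@attacker.example/settings',    // userinfo in front of a foreign host
    'https://movary.example//attacker.example/',           // protocol-relative path
    null,                                                  // header absent
];
foreach ($samples as $referer) {
    printf("%-58s => %s\n", var_export($referer, true), safeRedirectTarget($referer, 'movary.example', '/settings'));
}
```

Only the first sample keeps its own path; every other value resolves to the `/settings` fallback.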

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2025-64115
GHSA-PM58-79JW-Q79F

Affected Products

Movary