PT-2025-50562 · Miniflux+1

Published: 2025-12-10 · Updated: 2026-01-06 · CVE-2025-67713

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Miniflux versions 2.2.14 and below

Description: Miniflux is an open source feed reader susceptible to an open redirect issue. Specifically, versions 2.2.14 and earlier incorrectly handle the redirect_url parameter when url.Parse(...).IsAbs() returns false, creating a potential for phishing attacks after a user logs in. Protocol-relative URLs, such as //ikotaslabs.com, have an empty scheme and therefore bypass the safety check, enabling redirects to attacker-controlled websites. The issue is resolved in version 2.2.15. The vulnerable parameter is redirect_url.

Recommendations: Update to version 2.2.15 or later.
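
The behaviour in the description can be reproduced with Go's net/url package. The following is an added example, not Miniflux's code or its actual fix: looseLocalCheck, strictLocalCheck and safeRedirect are hypothetical names, and the stricter rule (accept path-only targets) is one assumed way to validate a post-login redirect.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// looseLocalCheck reproduces the flawed reasoning described in the advisory:
// a target is treated as local whenever it has no scheme (IsAbs() == false).
func looseLocalCheck(target string) bool {
	u, err := url.Parse(target)
	return err == nil && !u.IsAbs()
}

// strictLocalCheck (hypothetical helper) accepts only a same-origin path:
// no scheme, no host, no userinfo, exactly one leading slash, no backslash.
func strictLocalCheck(target string) bool {
	if strings.Contains(target, `\`) {
		return false // browsers treat "\" like "/" in http(s) URLs
	}
	u, err := url.Parse(target)
	if err != nil || u.IsAbs() || u.Host != "" || u.User != nil {
		return false
	}
	return strings.HasPrefix(u.Path, "/") && !strings.HasPrefix(u.Path, "//")
}

// safeRedirect returns target if it is a local path, else the fallback.
func safeRedirect(target, fallback string) string {
	if strictLocalCheck(target) {
		return target
	}
	return fallback
}

func main() {
	// Constructed sample inputs; "//ikotaslabs.com" is the form quoted in the advisory.
	for _, t := range []string{"/unread", "/feeds?page=2", "//ikotaslabs.com", "https://ikotaslabs.com/", ""} {
		u, _ := url.Parse(t)
		fmt.Printf("%-26q scheme=%q host=%q loose=%-5v strict=%v\n",
			t, u.Scheme, u.Host, looseLocalCheck(t), strictLocalCheck(t))
	}
	fmt.Println(safeRedirect("//ikotaslabs.com", "/unread"))
}
```

For the protocol-relative input the parser reports an empty scheme but a non-empty host, which is why checking the host (not only IsAbs) is what separates a local path from an external target.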

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2025-67713
GHSA-WQV2-4WPG-8HC9
GO-2025-4226
SUSE-SU-2026:0037-1

Affected Products

Debian
Miniflux