PT-2025-51767 · Volosoft · Appframework

Published: 2025-12-16 · Updated: 2025-12-21 · CVE-2025-65581

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Volosoft ABP Framework versions 5.1.0 through 9.9.9-rc.2

Description: An open redirect issue exists within the Account module. Insufficient validation of the returnUrl parameter in the register function enables an attacker to redirect users to external websites. The vulnerability affects the application's ability to securely handle user redirection after registration.

Recommendations: Volosoft ABP Framework versions 5.1.0 through 9.9.9-rc.2: Ensure proper validation of the returnUrl parameter in the register function to prevent redirection to arbitrary external domains.
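
One way to implement the returnUrl validation recommended above, as an added example that is not ABP Framework code or Volosoft's fix: it accepts app-relative paths and, going one step beyond the advisory, https URLs whose host is on an explicit allowlist. ReturnUrlGuard, its methods and the host login.example.com are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example; not ABP Framework code. All names here are hypothetical.
public static class ReturnUrlGuard
{
    // Constructed allowlist of external hosts the application trusts.
    private static readonly HashSet<string> TrustedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "login.example.com" };

    // True only for app-relative paths such as "/account/manage?tab=1".
    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/') return false;
        // Browsers resolve "//host" and "/\host" against another host.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        // Reject control characters (TAB, CR, LF) that browsers strip while parsing.
        foreach (char c in url)
            if (char.IsControl(c)) return false;
        return true;
    }

    // True only for https URLs whose exact host is allowlisted.
    public static bool IsTrustedAbsolute(string url)
    {
        return Uri.TryCreate(url, UriKind.Absolute, out Uri uri)
            && uri.Scheme == Uri.UriSchemeHttps
            && uri.UserInfo.Length == 0          // no "trusted-host@other-host" confusion
            && TrustedHosts.Contains(uri.Host);
    }

    // Returns the URL to redirect to after registration, or the fallback.
    public static string Resolve(string returnUrl, string fallback = "/")
    {
        return (IsLocalPath(returnUrl) || IsTrustedAbsolute(returnUrl)) ? returnUrl : fallback;
    }

    public static void Main()
    {
        // Constructed sample inputs; only the first two are kept, the rest fall back to "/".
        string[] samples = {
            "/account/manage", "https://login.example.com/cb", "https://example.org/",
            "//example.org", "/\\example.org", "/\t/example.org",
            "https://login.example.com@example.org/", null
        };
        foreach (string s in samples)
            Console.WriteLine((s ?? "(null)") + " -> " + Resolve(s));
    }
}
```

In an ASP.NET Core application the local-path case is covered by the built-in Url.IsLocalUrl and LocalRedirect helpers.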

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2025-65581
GHSA-VFM5-CR22-JG3M

Affected Products

Appframework