PT-2025-53299 · Unknown · Blitz Panel

Hexer365 · Published 2025-12-24 · Updated 2025-12-27 · CVE-2025-60935

CVSS v3.1

6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Blitz Panel version 1.17.0

Description

An open redirect issue exists in the login functionality of Blitz Panel. The issue is located in the /login endpoint and involves the next url parameter. Successful exploitation could allow an attacker to redirect a user to a malicious domain, potentially leading to phishing or token theft after authentication.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting or validating the next url parameter in the /login endpoint to prevent redirection to untrusted domains.
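
One way to apply the validation workaround described above, as an added example that is not Blitz Panel's code or its actual fix. It assumes Python, that post-login redirects only ever need to stay on the panel's own origin, and the hypothetical names `safe_next` and `DEFAULT_AFTER_LOGIN`.

```python
from urllib.parse import urlsplit

# Assumption: where users land when no acceptable redirect target was supplied.
DEFAULT_AFTER_LOGIN = "/"


def safe_next(target, default=DEFAULT_AFTER_LOGIN):
    """Return `target` only if it is a same-origin relative path, else `default`.

    `target` is the raw value of the redirect parameter received by the
    login handler (hypothetical wiring; adapt to the framework in use).
    """
    if not isinstance(target, str) or not target:
        return default

    # Browsers normalise backslashes to slashes and drop tabs/newlines, so
    # "/\host" or "/<TAB>/host" can end up as "//host". Reject them outright.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default

    # Must be an absolute path on this site. "//host" is scheme-relative
    # and would leave the origin, so it is refused as well.
    if not target.startswith("/") or target.startswith("//"):
        return default

    # Defence in depth: the parsed form must carry no scheme or authority.
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default

    return target


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for candidate in ["/dashboard", "/users?page=2", "https://untrusted.example/",
                      "//untrusted.example/x", "/\\untrusted.example", None]:
        print(repr(candidate), "->", safe_next(candidate))
```

The login handler would pass the returned value, never the raw parameter, to its redirect response.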

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2025-60935

Affected Products

Blitz Panel