PT-2026-20842 · Spip · Spip
Published: 2025-01-01 · Updated: 2026-02-23 · CVE-2025-71244
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SPIP versions prior to 4.3.9
SPIP versions 4.3.9 through 4.4.5
Description
SPIP contains a flaw that lets an attacker redirect a user to a malicious external site after they log in, specifically when the site is configured to use AJAX mode for the login form. The redirect is triggered through a crafted URL. The issue affects sites where the login page has been customized to operate in AJAX mode, and it is not blocked by SPIP's built-in security features.
Recommendations
Update to a version later than 4.4.5.
Update to version 4.3.9 or later.
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Spip