CVE-2025-10355 | THREATINT

Description

Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites or other malicious destinations via “/%2f%2f<MALICIOUS_DOMAIN>”.

PUBLISHED Reserved 2025-09-12 | Published 2025-10-23 | Updated 2025-10-23 | Assigner INCIBE

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status

unaffected

11.14.0

affected

Credits

Erlaitz Parreño Muñoz finder

References

www.incibe.es/...pen-redirection-vulnerability-molgenis-emx2

cve.org (CVE-2025-10355)

nvd.nist.gov (CVE-2025-10355)

Download JSON