Home

Description

The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.

PUBLISHED Reserved 2025-09-30 | Published 2025-10-10 | Updated 2025-10-10 | Assigner certcc

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

3.6
affected

References

www.synchroweb.com/release-notes/kiwire/security

cve.org (CVE-2025-11190)

nvd.nist.gov (CVE-2025-11190)

Download JSON