Description
A URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL.
PUBLISHED Reserved 2025-08-14 | Published 2025-08-20 | Updated 2025-08-20 | Assigner jpcert
MEDIUM: 4.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
MEDIUM: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Problem types
URL redirection to untrusted site ('Open Redirect')
Product status
8.0.0 to 8.0.6: affected
8.4.0 to 8.4.2 (8 series): affected
7 r.5508 and earlier (7 series): affected
8.0.0 to 8.0.6: affected
8.4.0 to 8.4.2 (8 series): affected
7 r.5508 and earlier (7 series): affected
2.09 and earlier (2 series): affected
1.66 and earlier (1 series): affected
2.09 and earlier (2 series): affected
1.66 and earlier (1 series): affected
8.6.0 (8 series): affected
7 r.5508 (7 series): affected
2.09 (2 series): affected
1.66 (1 series): affected
References
movabletype.org/news/2025/08/mt-843-released.html
jvn.jp/en/jp/JVN76729865/
cve.org (CVE-2025-55706)
nvd.nist.gov (CVE-2025-55706)