CVE-2025-60935

Description

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication.

PUBLISHED Reserved 2025-09-26 | Published 2025-12-24 | Updated 2025-12-24 | Assigner mitre

References

github.com/ReturnFI/Blitz

gist.github.com/HEXER365/2e866b47d56585e1e59e7c16bf4b4db7

cve.org (CVE-2025-60935)

nvd.nist.gov (CVE-2025-60935)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.