CVE-2025-64754 | THREATINT

Description

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available.

PUBLISHED Reserved 2025-11-10 | Published 2025-11-13 | Updated 2025-11-14 | Assigner GitHub_M

LOW: 2.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Product status

< 2.0.10532

affected

References

github.com/...i-meet/security/advisories/GHSA-5fx7-wgcr-fj78

cve.org (CVE-2025-64754)

nvd.nist.gov (CVE-2025-64754)

Download JSON