Home

Description

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.

PUBLISHED Reserved 2025-11-18 | Published 2025-12-16 | Updated 2025-12-16 | Assigner mitre

References

github.com/...ommit/a01adc58464d278ca817c4bbb6cbce30f155d0d1

github.com/...ommit/44a2dc14e933f3ce1ca93f9313d836694ab77d1d

cve.org (CVE-2025-65581)

nvd.nist.gov (CVE-2025-65581)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.