CVE-2025-3027

MEDIUM Year: 2025
Weakness Type
CWE-601
View all →

Vulnerability Description

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially malicious external sites, which can be exploited for phishing or other social engineering attacks.

Related Vulnerabilities

CVE-2022-31657

CRITICAL
CVSS:9.8(Critical)

VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain.

CWE-6012022

CVE-2024-22891

CRITICAL
CVSS:9.8(Critical)

Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.

CWE-6012024

CVE-2022-40083

CRITICAL
CVSS:9.6(Critical)

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery ...

CWE-6012022

CVE-2022-41559

CRITICAL
CVSS:9.3(Critical)

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on t...

CWE-6012022

CVE-2017-8989

CRITICAL
CVSS:9.1(Critical)

A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.

CWE-6012017

CVE-2024-33661

CRITICAL
CVSS:9.1(Critical)

Portainer before 2.20.0 allows redirects when the target is not index.yaml.

CWE-6012024