216.73.216.170

CVE-2025-60935

· Published 24/12/2025 15:16 · Modified 24/12/2025 17:15

Labels: CVE-2025-60935 2025-12-24CVE-2025-60935CWE-601[email protected]

Essential information

Published
24/12/2025 15:16
Modified
24/12/2025 17:15
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
blitz / blitz panel cpe:2.3:a:blitz:blitz_panel:1.17.0:*:*:*:*:*:*:*

References