CVE-2025-65581
Severity: MEDIUM | WAF: Medium
CVSS 5.3
Published: 2025-12-16
CWE-601
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| volosoft | abp | 5.1.0 - 10.0.0 |
| volosoft | abp | 10.0.0 |
References
- github.com (Patch)
- github.com (Patch)