Security Advisory

CVE-2025-67713

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-11 00:17:00

Last updated 2025-12-11 18:52:30

Assigner GitHub_M

State PUBLISHED

Description

Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.

← Browse all CVEs View on cve.org ↗