CVE-2025-34504

Published: Dec 11, 2025Modified: Dec 15, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.

Affected (1)

Products: Kodcloud: Kodexplorer

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kodcloud Kodexplorer	Version 4.52

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (4)

https://github.com/kalcaddle/KodExplorer/releases/tag/4.52

Source: disclosure@vulncheck.com

Release Notes

https://kodcloud.com/

Source: disclosure@vulncheck.com

Product

https://www.exploit-db.com/exploits/52245

Source: disclosure@vulncheck.com

ExploitThird Party AdvisoryVDB Entry

https://www.vulncheck.com/advisories/kodexplorer-open-redirect-vulnerability-via-user-login-endpoint

Source: disclosure@vulncheck.com

Third Party Advisory

Timeline

No history available yet.