CVE-2025-64116

Published: Oct 30, 2025Modified: Dec 8, 2025

5.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security-advisories@github.com (Secondary)

Description

Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0.

Affected (1)

Products: Leepeuker: Movary

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Leepeuker Movary	Before 0.69.0

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (4)

https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f

Source: security-advisories@github.com

Patch

https://github.com/leepeuker/movary/pull/713

Source: security-advisories@github.com

Issue Tracking

https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.