CVE-2026-25198

4.7 MEDIUM
Published: February 05, 2026 Modified: February 05, 2026
View on NVD

Description

web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior contain an open redirect vulnerability. If this vulnerability is exploited, the user may be redirected to an arbitrary website when accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/web2py/web2py/commit/b4e1ddbd6d40fb30863f6263a67bcdf411a0c6df
Source: vultures@jpcert.or.jp
https://github.com/web2py/web2py/releases
Source: vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN46925341/
Source: vultures@jpcert.or.jp
https://web2py.com/
Source: vultures@jpcert.or.jp

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.7 / 10.0
EPSS (Exploit Probability)
0.0%
1th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-601

Related CVEs

CVE-2026-4555 8.8
CVE-2026-4554 6.3
CVE-2026-33319 5.9
CVE-2026-33296 N/A
CVE-2026-33295 N/A