Open Redirect Vulnerability in Zenvia Movidesk Software
CVE-2025-0970

6.9MEDIUM

Key Information:

Vendor
Zenvia
Status
Movidesk
Vendor
CVE Published:
2 February 2025

Summary

A vulnerability exists in Zenvia Movidesk versions up to 25.01.22 that allows an attacker to manipulate the ReturnUrl argument in the /Account/Login file, leading to potential open redirect attacks. This issue can be exploited remotely, posing risks to users and their data. The exploit has been publicly disclosed, creating an urgent need for users to upgrade to version 25.01.22.245a473c54 or later to mitigate this threat.

Affected Version(s)

Movidesk 25.01.0

Movidesk 25.01.1

Movidesk 25.01.2

References

https://vuldb.com/?id.294361
vdb-entrytechnical-description
https://vuldb.com/?ctiid.294361
signaturepermissions-required
https://vuldb.com/?submit.485985
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

.