Open Redirect Vulnerability in Stoque Zeev.it Login Page Component
CVE-2025-2192

5.3MEDIUM

Key Information:

Vendor
Stoque
Status
Zeev.it
Vendor
CVE Published:
11 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An open redirect vulnerability has been identified in the Stoque Zeev.it version 4.24, specifically within the login page component. This vulnerability arises from improper handling of the 'inpRedirectURL' parameter, allowing attackers to manipulate it and redirect users to unauthorized locations. Remote exploitation of this vulnerability is feasible, posing a significant risk if targeted. Despite early disclosure attempts to the vendor, no response has been recorded, making it crucial for users to assess their systems for potential exploitation.

Affected Version(s)

Zeev.it 4.24

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-2192 - Proof of Concept

References

https://vuldb.com/?id.299217
vdb-entrytechnical-description
https://vuldb.com/?ctiid.299217
signaturepermissions-required
https://vuldb.com/?submit.511708
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.