Authentication Token Exposure in Webkul QloApps by Webkul
CVE-2025-26058

4.2MEDIUM

Key Information:

Vendor: Webkul
Status: QloApps
Vendor: CVE Published:; 18 February 2025

What is CVE-2025-26058?

Webkul QloApps v1.6.1 is susceptible to a security flaw where sensitive authentication tokens are appended to URLs during redirection. This situation arises when users access the admin panel or other protected areas, inadvertently exposing their tokens. Such exposure can lead to unauthorized access and compromise account security, making it essential for users to be aware of this vulnerability and take protective measures.

References

https://github.com/mano257200/QloApps-VUL

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2025
Vulnerability Reserved
Feb 7, 2025