Open Redirect Vulnerability in Movable Type by Six Apart
CVE-2025-55706

5.1MEDIUM

Key Information:

Vendor: Six Apart Ltd.
Status: Movable Type (software Edition); Movable Type Advanced (software Edition); Movable Type Premium (software Edition); Movable Type Premium (advanced Edition) (software Edition)
Vendor: CVE Published:; 20 August 2025

🔔 Create Six Apart Ltd. Vulnerability Alert

What is CVE-2025-55706?

A URL redirection to an untrusted site vulnerability exists in Movable Type, allowing an attacker to manipulate parameters in the password reset page. This flaw can lead to users being redirected to potentially malicious or arbitrary websites, posing a risk to user security and data integrity.

Affected Version(s)

Movable Type (Cloud Edition) 8.6.0 (8 series)

Movable Type (Cloud Edition) 7 r.5508 (7 series)

Movable Type (Software Edition) 8.0.0 to 8.0.6

References

https://movabletype.org/news/2025/08/mt-843-released.html

https://jvn.jp/en/jp/JVN76729865/

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2025
Vulnerability Reserved
Aug 14, 2025

JSON