Query String Vulnerability in Alt Redirect Addon for Statamic
CVE-2025-60868

6.5MEDIUM

Key Information:

Vendor: Statamic
Status: Alt Redirect
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-60868?

The Alt Redirect addon version 1.6.3 for Statamic is susceptible to a vulnerability that fails to properly strip query string parameters, even when the 'Query String Strip' feature is enabled. This oversight allows for the possibility of case variations, duplicated keys, and encoded parameters to persist. As a result, attackers could exploit this flaw to execute cache poisoning attacks, cause parameter pollution, or potentially facilitate denial-of-service incidents.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://statamic.com/addons/alt-design/alt-redirects/rele...

https://gist.github.com/kasiasok/870933de18d1400fa8be88e1...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Sep 26, 2025

JSON

Statamic

What is CVE-2025-60868?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.