Query String Vulnerability in Alt Redirect Addon for Statamic
CVE-2025-60868
6.5 MEDIUM
What is CVE-2025-60868?
Version 1.6.3 of the Alt Redirect addon for Statamic fails to properly strip query string parameters, even when the 'Query String Strip' feature is enabled. Case variations, duplicated keys, and encoded parameters can persist after stripping. As a result, attackers could exploit this flaw to carry out cache poisoning attacks, cause parameter pollution, or potentially facilitate denial-of-service incidents.
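The three variant classes named above, shown against a weak and a hardened stripper. This is an added example, not code from the Alt Redirect addon or the Statamic project; the function names, the `utm_source` key and the sample query are constructed for illustration, and the weak stripper is an assumption about how such a check can go wrong, not the addon's actual logic.

```php
<?php
declare(strict_types=1);
// Added illustration, not the addon's code. All function names are hypothetical.

// Canonical key: percent-decoded (bounded loop covers double encoding), lower-cased.
function canonicalKey(string $rawKey): string
{
    $key = $rawKey;
    for ($i = 0; $i < 3 && ($decoded = urldecode($key)) !== $key; $i++) {
        $key = $decoded;
    }
    return strtolower($key);
}

// Constructed weak stripper: exact match on the raw key, first occurrence only.
function stripNaive(string $query, array $strip): string
{
    $kept = [];
    $seen = [];
    foreach (explode('&', $query) as $pair) {
        $key = explode('=', $pair, 2)[0];
        if (in_array($key, $strip, true) && !isset($seen[$key])) {
            $seen[$key] = true;
            continue;
        }
        $kept[] = $pair;
    }
    return implode('&', $kept);
}

// Hardened stripper: every pair is compared by canonical key, so case variants,
// encoded keys and repeated keys are all removed.
function stripHardened(string $query, array $strip): string
{
    $deny = array_map('canonicalKey', $strip);
    $kept = array_filter(
        explode('&', $query),
        fn (string $pair): bool => $pair !== ''
            && !in_array(canonicalKey(explode('=', $pair, 2)[0]), $deny, true)
    );
    return implode('&', $kept);
}

// Constructed sample: one benign parameter plus the three variant classes.
$query = 'page=2&utm_source=a&UTM_Source=b&utm%5Fsource=c&utm_source=d';
echo 'naive:    ', stripNaive($query, ['utm_source']), PHP_EOL;
echo 'hardened: ', stripHardened($query, ['utm_source']), PHP_EOL;
```

The same constructed variants make a useful regression test after upgrading: request a redirected URL with each one and confirm the resulting target and cache key contain none of the stripped parameters.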
