Open Redirect Vulnerability in Datasette by Simon Willison
CVE-2025-64481

Key Information:

Vendor: Simonw

Status
Vendor
CVE Published: 7 November 2025

What is CVE-2025-64481?

An open redirect vulnerability exists in the Datasette multi-tool, affecting versions earlier than 0.65.2 and versions 1.0a0 through 1.0a19. The flaw allows users to be redirected unexpectedly when they access specific paths, potentially exposing them to phishing attacks. The affected paths, when requested with a trailing slash, redirect to their own URLs, undermining user trust. Users are urged to update to the patched versions or to configure their proxies to address this issue.

Affected Version(s)

datasette < 0.65.2

datasette >= 1.0a0, < 1.0a20

References

CVSS V3.1

Score:
Severity: NONE
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
