Open Redirect Vulnerability in Bunkerity Bunker Web on Linux
CVE-2025-8066

4.8MEDIUM

Key Information:

Vendor: Bunkerity
Status: Bunker Web
Vendor: CVE Published:; 15 August 2025

What is CVE-2025-8066?

The Open Redirect vulnerability in Bunkerity's Bunker Web for Linux allows attackers to redirect users to untrusted sites, facilitating phishing attacks. When users interact with specially crafted URLs, they may unknowingly visit malicious sites, which can lead to the theft of sensitive information. This vulnerability affects version 1.6.2 of Bunker Web, underscoring the importance of proper URL validation to protect users from potential exploitation.

Affected Version(s)

Bunker Web Linux 1.6.2

References

https://fluidattacks.com/advisories/cypress

third-party-advisory

https://github.com/bunkerity/bunkerweb

product

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2025
Vulnerability Reserved
Jul 22, 2025