Open Redirect Vulnerability in KoaJS Koa Library
CVE-2025-8129
Key Information:
Badges
What is CVE-2025-8129?
An open redirect vulnerability has been identified in the KoaJS Koa library, specifically within the HTTP Header Handler in 'lib/response.js'. This flaw allows for the manipulation of the 'Referrer' argument, which can be exploited to redirect users to unintended external sites. The vulnerability potentially enables remote attackers to execute phishing schemes or lead users to malicious platforms without their consent. It is crucial to review and apply recommended mitigations to safeguard applications using affected versions of Koa.
Affected Version(s)
Koa 3.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved