Open Redirect Vulnerability in zlt2000 Microservices-Platform
CVE-2025-8737

5.1MEDIUM

Key Information:

Vendor

Zlt2000

Status
Microservices-platform
Vendor
CVE Published:
8 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8737?

A security issue has been identified in the zlt2000 Microservices-Platform prior to version 6.0.0, specifically concerning the onLogoutSuccess function within the OauthLogoutSuccessHandler.java file. The vulnerability allows for the manipulation of the redirect_url argument, enabling an open redirect attack. This flaw can be exploited remotely, creating potential risks for users by directing them to unauthorized sites. Public disclosure of this exploit has raised concerns about its potential misuse.

Affected Version(s)

microservices-platform 6.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8737 - Proof of Concept

References

https://vuldb.com/?id.319233
vdb-entrytechnical-description
https://vuldb.com/?ctiid.319233
signaturepermissions-required
https://vuldb.com/?submit.623477
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZAST.AI (VulDB User)
.
CVE-2025-8737 : Open Redirect Vulnerability in zlt2000 Microservices-Platform