CNNVD-202510-2107 Information

CNNVD ID

CNNVD-202510-2107

CVE-2025-62379

  • CNNVD Published: 2025-10-15

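Description (translated from Chinese)

Reflex is an open-source web application from Reflex. Reflex versions 0.5.4 through 0.8.14 contain an input validation error vulnerability, which stems from the value of the redirect_to query parameter not being validated and may cause users to be redirected to arbitrary external URLs.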

Description (English)

Reflex is an open-source web application by Reflex. Reflex versions 0.5.4 to 0.8.14 have an input validation error vulnerability, which originates from the unvalidated redirect_to query parameter value and may lead to the user being redirected to any external URL.

Hazard Level

High

Vulnerability Type

Input validation error

Affected Vendor

Reflex

Published

2025-10-15

Last Modified

2026-02-24

References

  • https://github.com/reflex-dev/reflex/security/advisories/GHSA-rfh5-c9h5-q8jm
  • https://github.com/reflex-dev/reflex/commit/ade12549f3c0ddab3d7382c581bc04a3c1f989ec
  • https://access.redhat.com/security/cve/cve-2025-62379

Patch

https://github.com/reflex-dev/reflex/releases
