CNNVD-202512-2807 Information

CNNVD ID

CNNVD-202512-2807

Related CVE

CVE-2025-65581

• CNNVD Published: 2025-12-16

Description (Chinese)

abp是ABP开源的一个web应用程序框架。 abp 5.1.0版本至10.0.0-rc.2之前版本存在安全漏洞，该漏洞源于未正确验证returnUrl参数，可能导致重定向到任意外部域。

Description (English)

abp is a web application framework that is open to BP. abp 5.1.0 to 10.0.0-rc.2 prior to the security loophole, which results from incorrect verification of returnurl parameters and may lead to redirection to any external domain.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ABP

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/abpframework/abp/commit/44a2dc14e933f3ce1ca93f9313d836694ab77d1d https://github.com/abpframework/abp/commit/a01adc58464d278ca817c4bbb6cbce30f155d0d1

Patch

https://github.com/abpframework/abp/releases