{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-67502","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-12-08T21:19:11.206Z","datePublished":"2025-12-09T23:53:39.474Z","dateUpdated":"2025-12-10T15:38:54.717Z"},"containers":{"cna":{"title":"Taguette does not safeguard against Open Redirect","problemTypes":[{"descriptions":[{"cweId":"CWE-601","lang":"en","description":"CWE-601: URL Redirection to Untrusted Site ('Open Redirect')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","version":"3.1"}}],"references":[{"name":"https://github.com/remram44/taguette/security/advisories/GHSA-5923-r76v-mprm","tags":["x_refsource_CONFIRM"],"url":"https://github.com/remram44/taguette/security/advisories/GHSA-5923-r76v-mprm"},{"name":"https://github.com/remram44/taguette/commit/67de2d2612e7e2572c61cd9627f89c2bfd0f2a36","tags":["x_refsource_MISC"],"url":"https://github.com/remram44/taguette/commit/67de2d2612e7e2572c61cd9627f89c2bfd0f2a36"}],"affected":[{"vendor":"remram44","product":"taguette","versions":[{"version":"< 1.5.2","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-12-09T23:53:39.474Z"},"descriptions":[{"lang":"en","value":"Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without any validation. \nThis can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware. This issue is fixed in version 1.5.2."}],"source":{"advisory":"GHSA-5923-r76v-mprm","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-10T15:37:54.495911Z","id":"CVE-2025-67502","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-10T15:38:54.717Z"}}]}}