CVE-2025-55751

OnboardLite Open Redirect Endpoint

CVSS 5.1 MEDIUMEPSS 0.3%CWE-601

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 ago 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida. An attacker can craft a link to the trusted application that, when visited, redirects the user to a malicious external site. This enables phishing, credential theft, malware delivery, and trust abuse. Any version with commit hash 6cca19e or later implements jwt signing for the redirect url parameter.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Produtos afetados

HackUCF · OnboardLite

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/HackUCF/OnboardLite/commit/6cca19ea4f47af125caa08ef82594844f039e07e https://github.com/HackUCF/OnboardLite/security/advisories/GHSA-p8c5-qp4c-qr2m