CVE-2025-67713

Name
CVE-2025-67713
Description
Miniflux 2 is an open source feed reader. Versions 2.2.14 and below treat redirect_url as safe when url.Parse(...).IsAbs() is false, enabling phishing flows after login. Protocol-relative URLs like //ikotaslabs.com have an empty scheme and pass that check, allowing post-login redirects to attacker-controlled sites. This issue is fixed in version 2.2.15.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/miniflux/v2/commit/76df99f3a3db234cf6b312be5e771485213d03c7
CONFIRM https://github.com/miniflux/v2/security/advisories/GHSA-wqv2-4wpg-8hc9

Match rules

CPE URI Source package Min version Max version
v2 >= 0 < 2.2.15
cpe:2.3:a:miniflux_project:miniflux:*:*:*:*:*:go:*:* miniflux >= None < 2.2.15

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
miniflux edge-community 2.2.14-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.14-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.13-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.13-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.12-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.12-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.11-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.11-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.10-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.10-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.9-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.8-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.8-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.6-r2 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.6-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.6-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.5-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.5-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.4-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.4-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux edge-community 2.2.3-r0 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux 3.23-community 2.2.14-r6 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux 3.23-community 2.2.14-r5 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux 3.23-community 2.2.14-r4 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux 3.23-community 2.2.14-r3 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux 3.23-community 2.2.14-r2 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable
miniflux 3.23-community 2.2.14-r1 Thomas J Faughnan Jr <thomas@faughnan.net> possibly vulnerable