CVE-2025-26058 — MEDIUM (4.2)

Vulnerability Description

Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.

CVSS Score

4.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Webkul	Qloapps	1.6.1

Related Weaknesses (CWE)

CWE-598

References

https://github.com/mano257200/QloApps-VULExploitThird Party Advisory

FAQ

What is CVE-2025-26058?

CVE-2025-26058 is a vulnerability with a CVSS score of 4.2 (MEDIUM). Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens dire...

How severe is CVE-2025-26058?

CVE-2025-26058 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-26058?

Check the references section above for vendor advisories and patch information. Affected products include: Webkul Qloapps.