Vulnerability Description
Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without any validation. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware. This issue is fixed in version 1.5.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Taguette | Taguette | < 1.5.2 |
Related Weaknesses (CWE)
References
- https://github.com/remram44/taguette/commit/67de2d2612e7e2572c61cd9627f89c2bfd0fPatch
- https://github.com/remram44/taguette/security/advisories/GHSA-5923-r76v-mprmExploitThird Party Advisory
FAQ
What is CVE-2025-67502?
CVE-2025-67502 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The appl...
How severe is CVE-2025-67502?
CVE-2025-67502 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-67502?
Check the references section above for vendor advisories and patch information. Affected products include: Taguette Taguette.