{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12789", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2025-11-06T02:26:31.270Z", "datePublished": "2025-11-06T23:20:50.489Z", "dateUpdated": "2025-11-06T23:20:50.489Z"}, "containers": {"cna": {"title": "Rhsso: open redirect", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Single Sign-On 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhsso", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:red_hat_single_sign_on:7"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-12789", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413001", "name": "RHBZ#2413001", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2025-11-06T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2025-11-06T02:28:32.424000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-11-06T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Edcarlos Junior for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-06T23:20:50.489Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL."}], "id": "CVE-2025-12789", "lastModified": "2025-11-07T00:15:53.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2025-11-07T00:15:53.117", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2025-12789"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413001"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Edcarlos Junior for reporting this issue.", "bugzilla": {"description": "rhsso: Open Redirect", "id": "2413001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413001"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-12789", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Out of support scope", "package_name": "rhsso", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2025-11-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-12789\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-12789"], "statement": "Red Hat Single Sign-On is on end of life. This affects only 7.3.33 and previous versions.", "threat_severity": "Moderate"}

{}