CVE-2025-15241

LOW SEVERITY

CVSS Score & Metrics

Base Score

3.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N                                    

Vulnerability Description

A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.5.2 is sufficient to fix this issue. Upgrading the affected component is recommended.

Vulnerability Details

Published Date

December 30, 2025

Last Modified

December 31, 2025

CWE ID

CWE-601

Source

NVD

External References

https://github.com/Stolichnayer/cloudpanel-open-redirect
https://github.com/Stolichnayer/cloudpanel-open-redirect?tab=readme-ov-file#%EF%B8%8F-steps-to-reproduce
https://github.com/cloudpanel-io/cloudpanel-ce/releases/tag/v2.5.2
https://vuldb.com/?ctiid.338631
https://vuldb.com/?id.338631
https://vuldb.com/?submit.725543

CVE-2025-15241

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment