🚨 CVE-2025-47789: Open Redirect Vulnerability in Horilla HRMS Platform

CVE ID: CVE-2025-47789
Date: May 13, 2025
Vulnerability Type: Open Redirect (Unvalidated Redirects and Forwards)
Severity: Medium
Status: Vulnerable (at time of disclosure)
Platform: Horilla HRMS
CWE ID: CWE-601: URL Redirection to Untrusted Site


๐Ÿ” Overview

CVE-2025-47789 identifies an Open Redirect vulnerability in the Horilla HRMS platform. The vulnerability lies in the login mechanism: the next parameter in the URL is not validated, so after login the application redirects the user to whatever destination the parameter names, including arbitrary third-party domains.

This can be exploited by attackers to redirect users to malicious or phishing websites, posing risks such as session hijacking or credential theft.


🧪 Proof of Concept (PoC)

Vulnerable URL:

https://demo.horilla.com/login/?next=https://example.com

Steps to Reproduce:

  1. Navigate to the above link.
  2. (Optional) Log in with valid credentials.
  3. Observe the automatic redirect to https://example.com.

Any attacker can substitute example.com with a phishing or malicious domain of their choice.


🎯 Impact


๐Ÿ›ก๏ธ Mitigation Recommendations

To address CVE-2025-47789:

  1. Enforce that next only accepts relative paths (e.g., /dashboard).
  2. Block or sanitize all absolute URLs (e.g., https://...).
  3. If external redirects are necessary, implement a strict allowlist.

Suggested Code Fix (Pseudocode)

# A bare startswith('/') check still lets protocol-relative forms such as //host or /\host through,
# which browsers resolve to an external site, so those prefixes are rejected as well.
if not next_url.startswith('/') or next_url.startswith(('//', '/\\')):
    next_url = '/dashboard'  # Fallback redirect
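The three mitigation steps above carried through as one validation function, written here as an added example (it is not Horilla's own code). The fallback path and the allowlisted host are constructed for illustration; the function parses the value instead of only inspecting its prefix, so scheme-bearing, protocol-relative and backslash variants are all caught.

```python
from urllib.parse import urlsplit

# Constructed values for the example, not Horilla's configuration.
FALLBACK = "/dashboard"
ALLOWED_EXTERNAL_HOSTS = frozenset({"sso.example-corp.internal"})


def safe_next_url(next_url, allowed_hosts=frozenset()):
    """Return next_url if it is a same-site relative path (or points at an
    allowlisted HTTPS host); otherwise return the fallback path.

    Beyond plain absolute URLs this rejects the forms a naive
    startswith('/') check misses: '//host', '/\\host', '///host' and
    scheme-only values such as 'javascript:'.
    """
    if not next_url:
        return FALLBACK

    # Browsers treat a backslash like a forward slash in the authority
    # position, so normalise before parsing.
    candidate = next_url.strip().replace("\\", "/")
    parts = urlsplit(candidate)

    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL (step 2): only an explicitly
        # allowlisted HTTPS host may pass (step 3); everything else falls back.
        if parts.scheme == "https" and parts.netloc in allowed_hosts:
            return candidate
        return FALLBACK

    # Relative value (step 1): must start with exactly one slash. urlsplit
    # reports an empty netloc for '///host', so the prefix check is still needed.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return FALLBACK
    return candidate


if __name__ == "__main__":
    for value in ("/dashboard", "https://example.com", "//example.com",
                  "/\\example.com", "///example.com", "dashboard"):
        print(f"{value!r:22} -> {safe_next_url(value)!r}")
```

For a Django application such as Horilla, django.utils.http.url_has_allowed_host_and_scheme() performs the same kind of host and scheme check against a set of allowed hosts and can be used in place of a hand-written validator.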