KodExplorer 4.52 Open Redirect Vulnerability via User Login Endpoint

Advisories

severity: medium
date: December 11, 2025
Affecting: KodExplorer 4.52
CVE: CVE-2025-34504
CWE: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVSS: 5.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-52245
KodExplorer Homepage
KodExplorer GitHub Repository
Credit: Rahad Chowdhury
Description: KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.