KoaJS Koa HTTP Header response.js back redirect_CVE-2025-8129

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-8129

Source VulDB

Published Jul 25, 2025 at 04:02

Modified Jul 25, 2025 at 12:01

Affected Product

Vendor KoaJS

Product Koa

Version 3.0

Affected Versions KoaJS Koa 3.0

CWE Classification

CWE-601

References

{
    "lastseen": "",
    "description": "A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-07-25T04:02:05.418Z",
    "modified": "2025-07-25T12:01:53.033Z",
    "type": "cve",
    "title": "KoaJS Koa HTTP Header response.js back redirect",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.317514\nhttps://vuldb.com/?ctiid.317514\nhttps://vuldb.com/?submit.619741\nhttps://github.com/koajs/koa/issues/1892\nhttps://github.com/koajs/koa/issues/1892#issue-3213028583",
    "id": "CVE-2025-8129",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "KoaJS Koa 3.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Koa",
    "version": "3.0",
    "vendor": "KoaJS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}