Jitsi Meet has DOM Redirect on Microsoft OAuth Flow

2.7 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

Description

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available.

Basic Information

ID CVE-2025-64754

Source GitHub_M

Published Nov 13, 2025 at 21:48

Affected Product

Vendor jitsi

Product jitsi-meet

Version < 2.0.10532

Affected Versions jitsi jitsi-meet < 2.0.10532

CWE Classification

CWE-601

References

github.com /jitsi/jitsi-meet/security/advisories/GHSA-5fx7-wgcr-fj78

{
    "lastseen": "",
    "description": "Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available.",
    "published": "2025-11-13T21:48:08.692Z",
    "modified": "2025-11-13T21:48:08.692Z",
    "type": "cve",
    "title": "Jitsi Meet has DOM Redirect on Microsoft OAuth Flow",
    "source": "GitHub_M",
    "references": "https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-5fx7-wgcr-fj78",
    "id": "CVE-2025-64754",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "jitsi jitsi-meet < 2.0.10532",
    "sourceHref": "",
    "cvss": {
        "score": 2.7,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jitsi-meet",
    "version": "< 2.0.10532",
    "vendor": "jitsi",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Jitsi Meet has DOM Redirect on Microsoft OAuth Flow_CVE-2025-64754