Description

Datasette is an open source multi-tool for exploring and publishing data. In versions 0.65.1 and below and 1.0a0 through 1.0a19, deployed instances of Datasette include an open redirect vulnerability. Hits to the path //example.com/foo/bar/ (the trailing slash is required) will redirect the user to https://example.com/foo/bar. This problem has been patched in both Datasette 0.65.2 and 1.0a21. To workaround this issue, if Datasette is running behind a proxy, that proxy could be configured to replace // with / in incoming request URLs.

INFO

Published Date :

2025-11-07T20:35:39.827Z

Last Modified :

2025-12-26T21:51:26.384Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64481 vulnerability.

Vendors Products
Datasette
  • Datasette
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64481.

URL Resource
https://github.com/simonw/datasette/commit/f257ca6edb64848c3b04b54d41e347c54fe57c05 cve-icon cve-icon
https://github.com/simonw/datasette/issues/2429 cve-icon cve-icon
https://github.com/simonw/datasette/security/advisories/GHSA-w832-gg5g-x44m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability