Description

Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or other plugins, clicking these injected links could redirect the Caido application to an attacker-controlled domain, enabling phishing style attacks. This issue has been patched in version 0.53.0.

INFO

Published Date :

2025-11-26T01:59:06.790Z

Last Modified :

2025-11-26T15:15:02.930Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66025 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66025.

URL Resource
https://github.com/caido/caido/security/advisories/GHSA-cf52-h5mw-gmc2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact