Description

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.

INFO

Published Date :

2025-12-05T22:47:44.994Z

Last Modified :

2025-12-08T20:48:32.268Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66629 vulnerability.

Vendors Products
Hedgedoc
  • Hedgedoc
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66629.

URL Resource
https://github.com/hedgedoc/hedgedoc/commit/35f36fccba941ed8029ee222f7d2a5df17b42e2b cve-icon cve-icon
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6wm6-3vpq-6qvv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact