Description

Taguette is an open source qualitative research tool. In versions 1.5.1 and below, attackers can craft malicious URLs that redirect users to arbitrary external websites after authentication. The application accepts a user-controlled next parameter and uses it directly in HTTP redirects without any validation. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware. This issue is fixed in version 1.5.2.

INFO

Published Date :

2025-12-09T23:53:39.474Z

Last Modified :

2025-12-10T15:38:54.717Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-67502 vulnerability.

Vendors Products
Taguette
  • Taguette
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67502.

URL Resource
https://github.com/remram44/taguette/commit/67de2d2612e7e2572c61cd9627f89c2bfd0f2a36 cve-icon cve-icon
https://github.com/remram44/taguette/security/advisories/GHSA-5923-r76v-mprm cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact