CVE-2025-8066

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

Active

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

Bunkerity / Bunker Web1.6.2 – 1.6.4

References

VENDOR_ADVISORYhttps://fluidattacks.com/advisories/cypress
MISChttps://github.com/bunkerity/bunkerweb
PATCHhttps://github.com/bunkerity/bunkerweb/releases/tag/v1.6.4