FKIE_CVE-2025-55706

Vulnerability from fkie_nvd - Published: 2025-08-20 05:15 - Updated: 2026-06-17 09:42
Summary
URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL.
Impacted products
Vendor Product Version

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "Movable Type (Software Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0 to 8.0.6"
            },
            {
              "status": "affected",
              "version": "8.4.0 to 8.4.2 (8 series)"
            }
          ]
        },
        {
          "product": "Movable Type (Software Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "7 r.5508 and earlier (7 series)"
            }
          ]
        },
        {
          "product": "Movable Type Advanced (Software Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0 to 8.0.6"
            },
            {
              "status": "affected",
              "version": "8.4.0 to 8.4.2 (8 series)"
            }
          ]
        },
        {
          "product": "Movable Type Advanced (Software Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "7 r.5508 and earlier (7 series)"
            }
          ]
        },
        {
          "product": "Movable Type Premium (Software Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.09 and earlier (2 series)"
            }
          ]
        },
        {
          "product": "Movable Type Premium (Software Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.66 and earlier (1 series)"
            }
          ]
        },
        {
          "product": "Movable Type Premium (Advanced Edition) (Software Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.09 and earlier (2 series)"
            }
          ]
        },
        {
          "product": "Movable Type Premium (Advanced Edition) (Software Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.66 and earlier (1 series)"
            }
          ]
        },
        {
          "product": "Movable Type (Cloud Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "8.6.0 (8 series)"
            }
          ]
        },
        {
          "product": "Movable Type (Cloud Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "7 r.5508 (7 series)"
            }
          ]
        },
        {
          "product": "Movable Type Premium  (Cloud Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "2.09 (2 series)"
            }
          ]
        },
        {
          "product": "Movable Type Premium  (Cloud Edition)",
          "vendor": "Six Apart Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "1.66 (1 series)"
            }
          ]
        }
      ],
      "source": "vultures@jpcert.or.jp"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "URL redirection to untrusted site (\u0027Open Redirect\u0027)  issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL."
    },
    {
      "lang": "es",
      "value": "Existe un problema de redirecci\u00f3n de URL a un sitio no confiable (\u0027Open Redirect\u0027) en Movable Type. Si se explota esta vulnerabilidad, se podr\u00eda insertar un par\u00e1metro no v\u00e1lido en la p\u00e1gina de restablecimiento de contrase\u00f1a, lo que podr\u00eda provocar una redirecci\u00f3n a una URL arbitraria."
    }
  ],
  "id": "CVE-2025-55706",
  "lastModified": "2026-06-17T09:42:05.857",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-55706",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-08-20T15:57:20.123486Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2025-08-20T05:15:28.253",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/jp/JVN76729865/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://movabletype.org/news/2025/08/mt-843-released.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "vultures@jpcert.or.jp",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…