- Description
- A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Account/Login. The manipulation of the argument ReturnUrl leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component.
- Source
- cna@vuldb.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- cna@vuldb.com
- CWE-601
- Hype score
- Not currently trending
New post from https://t.co/uXvPWJy6tj (CVE-2025-0970 | Zenvia Movidesk up to 25.01.29.29c1a0aa07 /Account/Login ReturnUrl Yago Martins redirect) has been published on https://t.co/0wFd0MNTsB
@WolfgangSesin
6 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0970 02/02/2025 11:15:19 PM BaseSeverity: MEDIUM A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Account/Login. Th... https://t.co/R2S9AvDb7B
@CVETracker
3 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Breakingnews: "CVE-2025-0970" A new CVE detected - with severity "MEDIUM". More:https://t.co/5KsMleHAhi. 📢 Follow us for more updates! #CVE #ThreatAlert #InfoSec #CriticalVulnerability
@bluepinksec
3 Feb 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0970 Open Redirect Vulnerability in Zenvia Movidesk via ReturnUrl in /Account/Login https://t.co/PWEvbaB3yV
@VulmonFeeds
2 Feb 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0970 A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file… https://t.co/CRTM9G2M73
@CVEnew
2 Feb 2025
676 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes