CVE-2025-2192 in Zeev.it

Summary

by MITRE • 03/11/2025

A vulnerability, which was classified as problematic, was found in Stoque Zeev.it 4.24. This affects an unknown part of the file /Login?inpLostSession=1 of the component Login Page. The manipulation of the argument inpRedirectURL leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 06/14/2026

This vulnerability represents a critical security flaw in the Stoque Zeev.it 4.24 web application where an open redirect vulnerability exists within the login page component. The issue specifically manifests in the /Login?inpLostSession=1 endpoint where the inpRedirectURL parameter can be manipulated to redirect users to arbitrary external domains. This type of vulnerability falls under the CWE-601 category of Open Redirect, which is classified as a security weakness that allows attackers to redirect users to malicious websites. The vulnerability is particularly concerning because it can be exploited remotely without requiring any authentication or privileged access, making it highly accessible to threat actors.

The technical implementation of this flaw involves the application failing to properly validate or sanitize the inpRedirectURL parameter before using it to redirect users after authentication. When a user accesses the login page with a malicious inpRedirectURL value, the application processes this input without adequate verification, allowing an attacker to craft URLs that redirect victims to phishing sites or malicious domains. This vulnerability operates at the application layer and specifically targets the web application's redirect functionality, which is commonly implemented using HTTP redirect headers or client-side JavaScript redirects. The attack vector is particularly dangerous because it can be combined with social engineering techniques to trick users into visiting malicious sites while appearing to be legitimate application redirects.

The operational impact of this vulnerability extends beyond simple redirection, because it creates multiple avenues for exploitation. Attackers can leverage this flaw to conduct phishing campaigns by redirecting users to credential-stealing pages, or to deliver malware through malicious downloads. Because the exploit has already been disclosed publicly, the risk of active exploitation against affected systems is increased. The lack of vendor response to early disclosure attempts further compounds the risk, leaving organizations without official patches or mitigation guidance. This open redirect vulnerability can also be chained with other attacks such as cross-site scripting or session hijacking to create more sophisticated attack vectors that can compromise user sessions and exfiltrate sensitive data.

Organizations should implement immediate mitigations: validate and sanitize all redirect parameters, maintain a whitelist of approved redirect domains, and use absolute URLs instead of relative paths for redirects. The implementation should follow security best practices aligned with the OWASP Top Ten and NIST cybersecurity frameworks. Additionally, network-level controls such as web application firewalls and URL filtering can provide further layers of protection. Security teams should monitor for exploitation attempts and consider implementing security headers such as Content Security Policy to limit unauthorized redirects. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other application components, as this type of flaw often indicates broader input validation weaknesses within the application architecture. The vulnerability demonstrates the importance of proper security testing and of comprehensive security awareness training to prevent such flaws from being introduced during development.
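The following added example (not code from Zeev.it or from VulDB) contrasts the unchecked redirect pattern the analysis describes with a hardened version that accepts only a site-relative path or an http(s) URL whose host is on an allow-list; the allow-listed hosts and the sample parameter values are constructed for the illustration. It also handles the edge cases a validator for a parameter like inpRedirectURL must cover: protocol-relative and backslash-prefixed values, embedded userinfo, non-http schemes and control characters.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example; a real deployment lists its own hosts.
ALLOWED_HOSTS = frozenset({"app.example.com", "sso.example.com"})
DEFAULT_TARGET = "/"  # fixed landing page used whenever the parameter is rejected


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only for a site-relative path or an http(s) URL on an allow-listed host."""
    if not target or any(ord(c) < 0x20 for c in target):
        return False  # empty value, or embedded control characters (tab, CR, LF ...)
    # Browsers treat a backslash like a slash, so "/\evil.example" becomes "//evil.example".
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    scheme = parts.scheme.lower()
    if not parts.netloc:
        if scheme:
            return False  # "javascript:alert(1)", "data:...", "mailto:..." and the like
        # No authority component: accept only a single-slash site-relative path,
        # which rejects the protocol-relative form "//evil.example".
        return normalised.startswith("/") and not normalised.startswith("//")
    # Absolute URL: require http(s) and an allow-listed host. parts.hostname drops
    # userinfo and port, so "https://app.example.com@evil.example/" yields "evil.example".
    return scheme in ("http", "https") and parts.hostname in allowed_hosts


def login_redirect_vulnerable(inp_redirect_url: str) -> str:
    """The pattern the advisory describes: the parameter value becomes the redirect target."""
    return inp_redirect_url or DEFAULT_TARGET


def login_redirect_hardened(inp_redirect_url: str) -> str:
    """Use the parameter only when it passes validation; otherwise fall back to a fixed page."""
    return inp_redirect_url if is_safe_redirect(inp_redirect_url) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values covering the cases the validator has to distinguish.
    for value in ["/Dashboard", "https://APP.example.com:443/Home", "//evil.example",
                  "/\\evil.example", "https://app.example.com@evil.example/",
                  "javascript:alert(1)", "https://app.example.com.evil.example/"]:
        print(f"{value!r:45} unchecked -> {login_redirect_vulnerable(value)!r:45} "
              f"hardened -> {login_redirect_hardened(value)!r}")
```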

Responsible

VulDB

Disclosure

03/11/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00382

KEV

no

Activities

very low
