CVE-2025-6089 in iShare Maps

Summary

by MITRE • 06/15/2025

A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.


Analysis

by VulDB Data Team • 01/27/2026

The vulnerability identified as CVE-2025-6089 represents a critical security flaw in Astun Technology iShare Maps version 5.4.0, specifically within the atCheckJS.aspx component. This issue falls under the category of open redirect vulnerabilities, which are particularly dangerous because they allow attackers to redirect users to malicious websites while maintaining the appearance of legitimacy. The vulnerability is classified as problematic due to its potential for abuse in phishing attacks and social engineering campaigns, where users might be tricked into visiting harmful sites that appear to be legitimate extensions of the iShare Maps platform.

The technical exploitation of this vulnerability occurs through manipulation of the ref parameter handled by the atCheckJS.aspx file. When an attacker crafts a URL containing a crafted ref value, the application fails to properly validate or sanitize this input before using it to redirect users. This lack of proper input validation creates an opening for attackers to redirect victims to arbitrary web addresses, potentially including malicious domains designed to steal credentials, install malware, or conduct further phishing operations. The vulnerability's classification as an open redirect issue aligns with CWE-601, which specifically addresses URL redirection and forwarding vulnerabilities that can be exploited to direct users to untrusted websites.

The operational impact of this vulnerability is significant, as it enables remote exploitation without requiring any local access or authentication. Attackers can disseminate malicious links through various channels including email campaigns, compromised websites, or social media platforms, making the attack surface extremely broad. The fact that the exploit has been publicly disclosed and is potentially in use increases the risk to organizations relying on iShare Maps 5.4.0, as they may already be experiencing active exploitation attempts. This vulnerability particularly affects organizations that use the iShare Maps platform for sharing sensitive geographic information, as the redirect could be used to steal session cookies or other authentication tokens, potentially leading to full system compromise.

The lack of vendor response to early disclosure attempts represents a concerning aspect of this vulnerability, as it leaves affected organizations without official patches or mitigation guidance. This delay in vendor response is particularly problematic given the public availability of the exploit and the potential for active exploitation. Organizations should consider implementing immediate defensive measures while awaiting official patches, including network-level restrictions on access to the vulnerable component and monitoring for suspicious redirect patterns in application logs. The vulnerability's classification under the ATT&CK framework would likely fall under T1566, which covers phishing techniques and specifically targets the manipulation of web redirects to compromise user trust and gain unauthorized access to systems. Given the nature of the vulnerability, organizations should also consider implementing web application firewalls and input validation rules to prevent unauthorized redirect attempts, while conducting thorough security assessments of their iShare Maps implementations to identify and remediate similar issues in other components of the platform.
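As an added defensive example (not code from Astun Technology or VulDB), the Python below shows the two controls the analysis recommends for an open redirect of this kind: a same-site allowlist check that a redirect handler could apply to a ref value before issuing a redirect, and a scan of log lines for atCheckJS.aspx requests whose ref points off-site. The trusted host name, the simplified IIS-style log format and the sample lines are all assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumed host of the iShare Maps deployment (placeholder, not from the advisory).
TRUSTED_HOST = "maps.example.gov"


def is_safe_redirect_target(ref: str, trusted_host: str = TRUSTED_HOST) -> bool:
    """Return True only for a site-relative path or an https URL on trusted_host.

    Rejects empty values, protocol-relative (//host) and backslash-prefixed
    forms that browsers resolve off-site, and any other scheme (http:,
    javascript:, data:, ...). Relative paths without a leading '/' are
    rejected too, so the allowlist stays strict."""
    value = ref.strip()
    if not value or value.startswith(("//", "/\\", "\\")):
        return False
    parsed = urlparse(value)
    if parsed.scheme or parsed.netloc:
        return parsed.scheme == "https" and parsed.netloc.lower() == trusted_host
    return value.startswith("/")


# Constructed log format: "date time client-ip method uri-stem uri-query status".
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<query>\S+) (?P<status>\d+)$"
)


def find_suspicious_redirects(log_lines):
    """Return (client_ip, ref) pairs for atCheckJS.aspx hits whose ref fails the check."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not m.group("path").lower().endswith("/atcheckjs.aspx"):
            continue
        query = m.group("query")
        if query == "-":  # IIS logs '-' when there is no query string
            continue
        for ref in parse_qs(query).get("ref", []):  # parse_qs URL-decodes once
            if not is_safe_redirect_target(ref):
                hits.append((m.group("ip"), ref))
    return hits


# Constructed sample log lines; attacker.example is a placeholder domain.
SAMPLE_LOGS = [
    "2025-06-15 10:00:01 203.0.113.5 GET /iShare/atCheckJS.aspx ref=/maps/view 200",
    "2025-06-15 10:00:02 203.0.113.7 GET /iShare/atCheckJS.aspx ref=https%3A%2F%2Fattacker.example%2Flogin 302",
    "2025-06-15 10:00:03 203.0.113.9 GET /iShare/atCheckJS.aspx ref=%2F%2Fattacker.example 302",
    "2025-06-15 10:00:04 203.0.113.9 GET /iShare/default.aspx - 200",
    "2025-06-15 10:00:05 203.0.113.11 GET /iShare/atCheckJS.aspx ref=https%3A%2F%2Fmaps.example.gov%2Fhome 302",
]

if __name__ == "__main__":
    for ip, ref in find_suspicious_redirects(SAMPLE_LOGS):
        print(f"off-site redirect from {ip}: ref={ref!r}")
```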

Responsible: VulDB

Disclosure: 06/15/2025

Moderation: accepted

CPE: ready

EPSS: 0.00136

KEV: no

Activities: very low
