| Field | Value |
|---|---|
| Title | CloudPanel CloudPanel Community Edition 2.5.1 URL Redirection to Untrusted Site ('Open Redirect') |
| Description | CloudPanel Community Edition (CE) before v2.5.2 contains an open redirect vulnerability in the "/admin/users" endpoint due to improper validation of the Referer HTTP header, allowing an attacker to supply a crafted external URL that triggers a 302 redirect to an arbitrary domain, which can be leveraged for phishing attacks by redirecting users from a legitimate CloudPanel page to a malicious website. |
| Source | https://github.com/Stolichnayer/cloudpanel-open-redirect |
| User | alexperrakis (UID 85369) |
| Submission | 12/28/2025 21:41 (4 months ago) |
| Moderation | 12/29/2025 09:10 (11 hours later) |
| Status | Accepted |
| VulDB entry | 338631 [CloudPanel Community Edition up to 2.5.1 HTTP Header /admin/users Referer redirect] |
| Points | 19 |