CVE-2025-0705

4.3 MEDIUM

📋 TL;DR

This CVE describes an open redirect vulnerability in JoeyBling bootplus. The qrCode function of QrCodeController accepts a 'text' request parameter without restricting where it may point, so an attacker can craft a link to the endpoint that sends the victim's browser to a site of the attacker's choosing. Any deployment running a vulnerable version of bootplus with the affected QrCodeController reachable is at risk.

💻 Affected Systems

Products:
  • JoeyBling bootplus
Versions: Up to commit 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d
Operating Systems: Any OS running Java applications
Default Config Vulnerable: ⚠️ Yes
Notes: This is a rolling release product, so specific version numbers are not available. All instances using the vulnerable QrCodeController are affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.

🟠

Likely Case

Attackers redirect users to malicious sites for phishing, ad fraud, or credential harvesting campaigns.

🟢

If Mitigated

With server-side validation against an explicit allowlist of redirect targets, off-site redirects are rejected (or the user is shown an interstitial warning) instead of being followed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed in the linked GitHub issue. Exploitation is a single crafted request to the qrCode endpoint, needs no authentication and minimal technical skill; the victim only has to follow (or scan) the attacker's link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://github.com/JoeyBling/bootplus/issues/27

Restart Required: Yes

Instructions:

1. Check the GitHub repository and the issue thread for a fix; no fix version or fix commit is specified in the advisory, so confirm that a change addressing the qrCode redirect has actually landed.
2. Update to a commit later than 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d that contains that fix.
3. Restart the application.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Implement server-side validation so the value used as a redirect target is only accepted when it is a relative path on the current origin or an http(s) URL whose host is on an explicit allowlist.

Add the check to QrCodeController.java before the redirect is issued. Compare the parsed host exactly against the allowlist (not with startsWith or contains), and reject protocol-relative values (//host), userinfo tricks (trusted.example@evil.example), backslash variants (/\host) and non-http(s) schemes such as javascript:.

Disable QR Code Functionality

Platform: all

Temporarily disable the vulnerable qrCode endpoint until a fix is deployed.

Comment out or remove the @RequestMapping for the qrCode endpoint in QrCodeController, or block the route at the reverse proxy, and restart the application.

🧯 If You Can't Patch

  • Implement WAF rules that block requests to the qrCode endpoint whose text parameter, after percent-decoding, contains an absolute or protocol-relative URL to a host outside your allowlist; a rule that only matches the literal string "http://" is easily bypassed with encoding or a leading "//".
  • Monitor responses from the qrCode endpoint for 3xx status codes whose Location header points to a domain you do not own, and alert on them.

🔍 How to Verify

Check if Vulnerable:

Send a request to the qrCode endpoint with the text parameter set to an absolute URL on a host you control, without following redirects, and inspect the response: a 3xx status with a Location header pointing at your host confirms the open redirect. Also check a 200 response body for an HTML meta refresh or JavaScript redirect, since not every redirect is a 302.

Check Version:

git log --oneline -1

Compare the printed hash with 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. If the checkout is at that commit or an earlier one, it is vulnerable. A later commit is not proof of a fix, because no fix version is specified; verify with the request test above.

Verify Fix Applied:

Repeat the same request after patching and confirm the response is no longer a redirect to the external host (for example an error, the default page, or a redirect to an allowlisted location).

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in application logs
  • Requests to the qrCode endpoint whose text parameter decodes to an absolute or protocol-relative URL on a domain you do not own

Network Indicators:

  • HTTP 3xx (typically 302) responses from the qrCode endpoint with a Location header pointing to an unexpected domain
  • Traffic patterns showing users being redirected from your site to unknown domains

SIEM Query (pseudo-syntax; adapt to your platform, and note that the domain must be extracted from the decoded text parameter or the Location header, since a raw log line carries no domain field):

source="application.log" AND "QrCodeController" AND "redirect" AND NOT domain IN (trusted_domains)
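The allowlist check proposed under Input Validation Filter and the log search described in this section are the same decision applied at two points, so the following added example (not bootplus project code, and not Java, which is what the real fix in QrCodeController.java would be written in) models both in Python: a redirect-target check that handles the usual bypasses, and a scanner that applies it to constructed access-log lines. The allowlist host `app.example.com`, the route `/qrCode`, the parameter name `text` (the page names the parameter and the endpoint but not its exact path) and the log format are assumptions for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allowlist of hosts a redirect may land on (example value, not bootplus config).
TRUSTED_HOSTS = frozenset({"app.example.com"})


def redirect_target_host(value):
    """Return the host a browser would be sent to if `value` were used as a
    redirect target. Returns None for a relative path (stays on the current
    origin) and a marker such as "<javascript>" for non-http(s) schemes or
    unparsable input, so callers can treat those as unsafe."""
    # Browsers accept "\" as "/" and ignore embedded tabs/newlines in URLs,
    # so normalise those first; otherwise "/\evil.example" or
    # "ht\ttp://evil.example" would slip past a naive "starts with /" check.
    v = re.sub(r"[\x00-\x1f\x7f]", "", value.strip()).replace("\\", "/")
    try:
        parts = urlsplit(v)
        host = parts.hostname  # lowercased; userinfo and port stripped
    except ValueError:
        return "<invalid>"
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return "<" + parts.scheme.lower() + ">"
    if parts.netloc:
        # Covers "https://evil.example", "//evil.example" and
        # "https://app.example.com@evil.example" (hostname is the part after "@").
        return (host or "").lower()
    return None


def is_safe_redirect(value, trusted_hosts=TRUSTED_HOSTS):
    """Allowlist check: relative paths and http(s) URLs whose host is exactly
    in `trusted_hosts` pass; other hosts, subdomain look-alikes and
    javascript:/data: schemes are rejected."""
    host = redirect_target_host(value)
    if host is None:
        return True
    if host.startswith("<"):
        return False
    return host in trusted_hosts


# Constructed access-log lines in common log format (sample data, not real traffic).
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /qrCode?text=https%3A%2F%2Fapp.example.com%2Flogin HTTP/1.1" 200 1831
203.0.113.9 - - [01/Jan/2025:10:00:01 +0000] "GET /qrCode?text=https%3A%2F%2Fattacker.example%2Fphish HTTP/1.1" 302 0
203.0.113.9 - - [01/Jan/2025:10:00:02 +0000] "GET /qrCode?text=%2F%2Fattacker.example%2F HTTP/1.1" 302 0
198.51.100.4 - - [01/Jan/2025:10:00:03 +0000] "GET /qrCode?text=https%3A%2F%2Fapp.example.com%40attacker.example%2F HTTP/1.1" 302 0
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /index HTTP/1.1" 200 512
10.0.0.8 - - [01/Jan/2025:10:00:05 +0000] "GET /qrCode?text=hello%20world HTTP/1.1" 200 1700
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_access_log(lines, endpoint="/qrCode", param="text",
                    trusted_hosts=TRUSTED_HOSTS):
    """Apply the same allowlist check to logged requests. Returns one
    (client_ip, status, decoded_text, target_host) tuple for every request to
    `endpoint` whose `param` value would send a browser off-site."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if path != endpoint:
            continue
        for value in parse_qs(query).get(param, []):  # parse_qs percent-decodes
            if not is_safe_redirect(value, trusted_hosts):
                hits.append((m.group("ip"), int(m.group("status")),
                             value, redirect_target_host(value)))
    return hits


if __name__ == "__main__":
    for ip, status, text, host in scan_access_log(SAMPLE_ACCESS_LOG.splitlines()):
        print(f"{ip} -> {status} text={text!r} off-site host={host}")
```

On the sample data the scanner flags the three requests whose decoded text resolves to attacker.example (the plain absolute URL, the protocol-relative form and the userinfo trick) and ignores the on-site URL and the plain-text QR payload. The same `is_safe_redirect` logic, ported to Java, is what the controller-side fix needs; a detection rule that only greps for "http://" in the raw query string would miss the second and third lines.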
