CVE-2025-10229
📋 TL;DR
This CVE describes an open redirect vulnerability in Freshwork's logout endpoint. Attackers can manipulate the post_logout_redirect_uri parameter to redirect users to malicious websites after logout. This affects Freshwork installations up to version 1.2.3.
💻 Affected Systems
- Freshwork
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.
Likely Case
Attackers use the redirect for phishing campaigns, tricking users into entering credentials on fake login pages.
If Mitigated
With proper user awareness training and browser security controls, users might recognize suspicious redirects before entering sensitive information.
🎯 Exploit Status
Exploit details have been publicly disclosed and can be executed remotely. Attackers need to trick users into clicking a crafted logout link.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.3
Vendor Advisory: Not provided
Restart Required: No
Instructions:
1. Upgrade Freshwork to version 1.2.3 or later. 2. Verify the update was successful by checking the version. 3. Test the logout functionality to ensure redirects are properly validated.
🔧 Temporary Workarounds
Input Validation Filter
allImplement server-side validation to restrict redirect URLs to trusted domains only
WAF Rule
allConfigure web application firewall to block requests with suspicious redirect parameters
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to restrict redirect destinations
- Monitor logs for suspicious redirect patterns and unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Test the /api/v2/logout endpoint with a malicious post_logout_redirect_uri parameter to see if it redirects to an external domainCheck Version:
Check Freshwork configuration or admin panel for version informationVerify Fix Applied:
After patching, test with the same malicious parameter and verify it either blocks the redirect or redirects to a safe default location📡 Detection & Monitoring
Log Indicators:
- Unusual redirect patterns in application logs
- Multiple logout requests with external URLs in parameters
Network Indicators:
- HTTP 302 redirects to external domains after logout requests
SIEM Query:
source="freshwork.logs" AND uri="/api/v2/logout" AND (post_logout_redirect_uri CONTAINS "http://" OR post_logout_redirect_uri CONTAINS "https://")