CVE-2025-11222

Severity: 6.1 MEDIUM (CVSS base score)

📋 TL;DR

Central Dogma versions before 0.78.0 contain an open redirect vulnerability: an attacker can craft a URL on a legitimate Central Dogma host that, when followed, sends the user on to an attacker-chosen external site. Any user of a vulnerable instance who clicks such a link is affected; the realistic outcome is phishing and credential theft carried out under the cover of a trusted hostname.

💻 Affected Systems

Products:
  • Central Dogma
Versions: All versions before 0.78.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected regardless of configuration.

📦 What is this software?

Central Dogma is LINE's open-source, Git-backed service configuration repository. It keeps configuration files under version control and serves them to client services over HTTP, and ships a web UI for browsing and editing them, so its users are typically developers and operators whose credentials are worth phishing.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers successfully redirect users to convincing phishing sites that harvest credentials, session tokens, or install malware, leading to full account compromise and lateral movement.

🟠

Likely Case

Users are redirected to phishing pages attempting to steal credentials or session information, with success depending on user awareness and security controls.

🟢

If Mitigated

Users are redirected but security controls like multi-factor authentication, email warnings, or browser protections prevent credential theft.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Open redirect vulnerabilities are typically easy to exploit with simple URL manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.78.0

Vendor Advisory: https://github.com/line/centraldogma/security/advisories/GHSA-4hr2-xf7w-jf76

Restart Required: Yes

Instructions:

1. Stop the Central Dogma service.
2. Update to version 0.78.0 or later.
3. Restart the Central Dogma service.
4. Verify the update was successful (see How to Verify below).

🔧 Temporary Workarounds

URL Validation Filter

Applies to: all platforms

Implement server-side validation of the redirect parameter: accept only rooted same-site paths or absolute URLs whose host is the service's own, reject protocol-relative ("//host"), backslash ("/\host"), non-http(s) scheme and userinfo ("trusted@evil") forms, and fall back to a fixed local page whenever the value fails the check.
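The following is an added example of such a filter, not code from Central Dogma or its advisory. It contrasts the naive "starts with a slash, so it is local" test that open-redirect bugs usually hide behind with a validator that handles the bypass forms listed above. The hostname in TRUSTED_HOSTS is a constructed placeholder.

```python
from urllib.parse import urlsplit, urlunsplit

# Hostnames this Central Dogma deployment is served under.
# Constructed placeholder value; substitute your own.
TRUSTED_HOSTS = {"dogma.example.internal"}


def naive_is_safe(target: str) -> bool:
    """The check open-redirect bugs typically hide behind: a leading slash is
    taken to mean "local". It passes "//evil.example/", which browsers resolve
    to https://evil.example/. Shown for contrast only."""
    return target.startswith("/")


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return `target` if a browser would stay on this service, else `default`.

    Accepted: rooted paths ("/projects/foo?x=1") and absolute http(s) URLs
    whose host is in TRUSTED_HOSTS. Everything else falls back to `default`:
    protocol-relative "//evil.example", the "///evil.example" and
    "/\\evil.example" forms browsers also treat as an authority, non-http
    schemes such as "javascript:", userinfo tricks like
    "https://trusted@evil.example", and anything with whitespace or
    control characters.
    """
    if not target or any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return default
    # Browsers treat "\" as "/" in the scheme/authority part, so normalise first.
    norm = target.replace("\\", "/")
    if norm.startswith("//"):
        # "//host", "///host", ...: browsers skip extra slashes and read an
        # authority, so all of these leave the site.
        return default
    parts = urlsplit(norm)
    if not parts.scheme and not parts.netloc:
        # Relative reference: require a rooted path. "evil.example/x" would
        # stay on-site, but it is not a redirect we ever meant to issue.
        if not norm.startswith("/"):
            return default
        return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
    if parts.scheme.lower() not in ("http", "https") or "@" in parts.netloc:
        return default
    if (parts.hostname or "").lower() not in TRUSTED_HOSTS:
        return default
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path or "/", parts.query, parts.fragment))
```

Wire `safe_redirect_target()` in front of every `Location` the application emits from user-supplied input; returning a fixed local default rather than an error keeps the login flow usable while removing the attacker's control over the destination.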

Reverse Proxy Filtering

Applies to: all platforms

Configure the reverse proxy in front of Central Dogma (nginx, Apache) to inspect the Location header of 3xx responses from the service and rewrite to a local page, or drop, any whose target host is not the service's own hostname, including protocol-relative ("//host") and backslash ("/\host") forms. This catches only HTTP-level redirects, not any performed client-side in the browser.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block open redirect attempts.
  • Educate users about phishing risks and implement email/link scanning for suspicious redirects.

🔍 How to Verify

Check if Vulnerable:

Check Central Dogma version. If version is below 0.78.0, the system is vulnerable.

Check Version:

Read the version from the deployment artifact you are running (the distribution directory or container image tag carries it) or from the server's startup log; versions below 0.78.0 are vulnerable.

Verify Fix Applied:

After updating, exercise the redirect functionality with external targets, including protocol-relative ("//host") and backslash ("/\host") forms as well as plain absolute URLs, and confirm each is rejected or rewritten to a local destination rather than followed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in access logs
  • Requests with external URLs in parameters

Network Indicators:

  • HTTP 302/301 redirects to external domains
  • Suspicious referrer patterns

SIEM Query:

http.response.status_code IN (301, 302, 303, 307, 308) AND url.query CONTAINS "redirect=" AND NOT http.response.header.location.domain IN allowed_domains

Field names are illustrative; map them to your log schema. The decisive test is the host of the response's Location header (or of the redirect parameter's value), not the request's own domain, which is always the Central Dogma host and would never trip the query. Substitute the parameter name your instance actually uses for "redirect=", and treat protocol-relative ("//host") and backslash ("/\host") targets, which carry no scheme, as external.
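As an added example, not part of the original page, the detection logic above run over constructed access-log lines. The log format is a combined log with the response Location header appended as a final quoted field (nginx can log it as $sent_http_location); the hostnames, client addresses and the "redirect=" parameter are constructed placeholders.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Hosts the service legitimately redirects to. Constructed placeholder.
ALLOWED_HOSTS = {"dogma.example.internal"}

# Combined log format plus the response Location header as the last quoted
# field. Constructed format for this example.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<location>[^"]*)"$'
)
REDIRECT_STATUSES = {"301", "302", "303", "307", "308"}

# Constructed sample: one benign redirect, one external one, one non-redirect,
# one same-host redirect, one backslash-form external redirect.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "GET /login?redirect=%2Fprojects%2Ffoo HTTP/1.1" 302 0 "-" "Mozilla/5.0" "/projects/foo"
10.0.0.5 - - [01/Oct/2025:10:00:02 +0000] "GET /login?redirect=//evil.example/ HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://evil.example/"
10.0.0.9 - - [01/Oct/2025:10:00:03 +0000] "GET /projects HTTP/1.1" 200 1234 "-" "Mozilla/5.0" "-"
10.0.0.7 - - [01/Oct/2025:10:00:04 +0000] "GET /old HTTP/1.1" 301 0 "-" "curl/8.0" "https://dogma.example.internal/new"
10.0.0.8 - - [01/Oct/2025:10:00:05 +0000] "GET /login?redirect=/\\evil.example HTTP/1.1" 302 0 "-" "Mozilla/5.0" "/\\evil.example"
"""


def redirect_host(location: str) -> Optional[str]:
    """Host a browser would land on for a Location value; None if it is a
    plain relative path. Backslashes count as slashes and runs of leading
    slashes collapse to an authority, as browsers do, so "/\\evil" and
    "///evil" are both seen as an external host."""
    norm = location.replace("\\", "/")
    if norm.startswith("//"):
        norm = "//" + norm.lstrip("/")
    parts = urlsplit(norm)
    return (parts.hostname or "").lower() or None


def find_external_redirects(log_text: str,
                            allowed_hosts=ALLOWED_HOSTS) -> List[Tuple[str, str, str]]:
    """Return (client, request_target, location) for every 3xx response whose
    Location points at a host outside `allowed_hosts`. Relative targets and
    allowed hosts are ignored; unparseable lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["status"] not in REDIRECT_STATUSES:
            continue
        host = redirect_host(m["location"])
        if host is None or host in allowed_hosts:
            continue
        hits.append((m["client"], m["target"], m["location"]))
    return hits


if __name__ == "__main__":
    for client, target, location in find_external_redirects(SAMPLE_LOG):
        print(f"external redirect: client={client} request={target} -> {location}")
```

The request's own host never appears in the decision; only the redirect destination does. In production, point the same function at the proxy's access log and alert on any hit, since a correctly patched instance should produce none.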

🔗 References

  • Vendor advisory: https://github.com/line/centraldogma/security/advisories/GHSA-4hr2-xf7w-jf76
  • CVE record: CVE-2025-11222