CVE-2025-14692
📋 TL;DR
This CVE describes an open redirect vulnerability in Mayan EDMS up to version 4.10.1. Attackers can manipulate the authentication component to redirect users to malicious websites. Organizations using Mayan EDMS versions 4.10.1 and earlier are affected.
💻 Affected Systems
- Mayan EDMS
📦 What is this software?
Mayan EDMS (vendor: Mayan EDMS)
⚠️ Risk & Real-World Impact
Worst Case
Users could be redirected to phishing sites that steal credentials or deliver malware, potentially leading to account compromise or system infection.
Likely Case
Attackers redirect users to phishing pages to harvest credentials or display malicious content.
If Mitigated
With proper web application firewalls and user awareness training, impact is limited to failed redirect attempts.
🎯 Exploit Status
Proof-of-concept exploit code is publicly available on GitHub, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.10.2
Vendor Advisory: https://docs.mayan-edms.com/chapters/releases/4.10.2.html#security
Restart Required: Yes
Instructions:
1. Backup your Mayan EDMS installation and database
2. Upgrade to version 4.10.2 using pip: pip install mayan-edms==4.10.2
3. Run database migrations: mayan-edms.py performupgrade
4. Restart the Mayan EDMS service
🔧 Temporary Workarounds
Web Application Firewall Rule
Block redirects to external domains from the authentication endpoint.
Use WAF-specific rules to block requests to /authentication/ that carry external URLs in their parameters.
Reverse Proxy Configuration
Configure the reverse proxy to validate redirect URLs:
nginx: location ~ ^/authentication/ { if ($args ~* "(http|https)://[^/]*") { return 403; } }
Apache (per-directory/.htaccess context; in a vhost or server context the pattern must be ^/authentication/): RewriteCond %{QUERY_STRING} (http|https):// [NC]
RewriteRule ^authentication/ - [F]
Both rules only match absolute URLs that carry a scheme in the query string; treat them as a stopgap until 4.10.2 is installed.
🧯 If You Can't Patch
- Implement strict web application firewall rules to block external redirects from the authentication endpoint
- Monitor authentication logs for suspicious redirect patterns and implement user awareness training about phishing risks
🔍 How to Verify
Check if Vulnerable:
Check if Mayan EDMS version is 4.10.1 or earlier by examining the installed package version
Check Version:
pip show mayan-edms | grep Version
Verify Fix Applied:
Confirm installation of version 4.10.2 and test that redirects from /authentication/ only go to allowed internal URLs
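The reverse-proxy workaround above only filters query strings; the check that actually closes an open redirect is validating the target on the application side before issuing the 302. The following Python validator is an added example written for this page, not code from Mayan EDMS or its advisory. The hostnames in ALLOWED_HOSTS and the function names are constructed for illustration; it applies the same rule the verification step above asks you to test for (redirects from /authentication/ must stay on allowed internal hosts) and handles the malformed inputs such a check must reject.

```python
from urllib.parse import unquote, urlsplit

# Hostnames this deployment is served under. Constructed example values;
# replace with the hosts your Mayan EDMS instance actually answers on.
ALLOWED_HOSTS = frozenset({"edms.example.internal"})


def is_safe_redirect(target: str, request_host: str,
                     allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` stays on this deployment.

    Accepts absolute-path targets (/documents/) and http(s) URLs whose host
    is the serving host or one of allowed_hosts. Rejects empty values,
    protocol-relative URLs, backslash variants, non-http schemes and
    percent-encoded forms of any of those.
    """
    if not target:
        return False
    # Decode once so an encoded scheme or host is parsed, not passed through.
    candidate = unquote(target).strip()
    # Browsers treat a backslash like a slash; normalise before parsing.
    candidate = candidate.replace("\\", "/")
    if candidate.startswith("//"):
        return False  # protocol-relative: browser would leave this host
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, and similar
    if parts.netloc:
        host = (parts.hostname or "").lower()
        permitted = {h.lower() for h in allowed_hosts}
        permitted.add(request_host.split(":")[0].lower())  # drop any port
        return host in permitted
    # No host component: only a rooted path is acceptable.
    return candidate.startswith("/")


def safe_redirect_target(target: str, request_host: str,
                         fallback: str = "/") -> str:
    """Return `target` if it passes validation, otherwise the fallback path."""
    return target if is_safe_redirect(target, request_host) else fallback


if __name__ == "__main__":
    host = "edms.example.internal"
    for t in ["/documents/", "https://edms.example.internal/documents/",
              "https://evil.example/", "//evil.example", "%2F%2Fevil.example"]:
        print(f"{t!r:45} -> {safe_redirect_target(t, host)}")
```

Hooking this in front of the post-login redirect, with the fallback pointing at the application's own landing page, keeps users on the deployment regardless of what arrives in the request.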
📡 Detection & Monitoring
Log Indicators:
- HTTP 302 redirect responses from /authentication/ endpoint with external domains
- Unusual redirect patterns in authentication logs
Network Indicators:
- Outbound HTTP/HTTPS requests to unfamiliar domains following authentication attempts
SIEM Query:
source="mayan_edms_logs" AND (url_path="/authentication/" AND status_code=302 AND redirect_url CONTAINS "http")
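The log indicator above (302 responses from /authentication/ whose target is an external domain) can be checked offline against proxy access logs. The script below is an added example for this page, not tooling shipped with Mayan EDMS. It assumes a combined-style access log with the response Location header appended as a final quoted field (for nginx, a log_format ending in "$sent_http_location"); the sample lines, the LOCAL_HOSTS value and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostnames this Mayan EDMS deployment answers on (constructed values).
LOCAL_HOSTS = frozenset({"edms.example.internal"})

# Combined log line plus one trailing quoted field holding the Location
# header the server sent ("-" when there was none).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<location>[^"]*)"$'
)
REDIRECT_CODES = {"301", "302", "303", "307", "308"}

# Constructed sample: two internal redirects, one external, one non-redirect,
# and one external redirect from a path that is not the authentication endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2026:10:15:01 +0000] "POST /authentication/login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0" "/documents/"',
    '10.0.0.6 - - [12/Jan/2026:10:15:30 +0000] "POST /authentication/login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://edms.example.internal/documents/"',
    '10.0.0.7 - - [12/Jan/2026:10:16:44 +0000] "POST /authentication/login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://evil.example/login"',
    '10.0.0.8 - - [12/Jan/2026:10:17:02 +0000] "GET /documents/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"',
    '10.0.0.9 - - [12/Jan/2026:10:17:40 +0000] "GET /search/ HTTP/1.1" 302 0 "-" "Mozilla/5.0" "https://evil.example/"',
]


def redirect_host(location: str):
    """Host a Location value sends the browser to, or None for a same-site path."""
    loc = location.replace("\\", "/").strip()
    if loc.startswith("//"):  # protocol-relative: host follows immediately
        return (urlsplit("http:" + loc).hostname or "?").lower()
    parts = urlsplit(loc)
    if parts.netloc:
        return (parts.hostname or "?").lower()
    return None


def find_external_redirects(lines, local_hosts=LOCAL_HOSTS):
    """Return redirect responses from /authentication/ that leave local_hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] not in REDIRECT_CODES:
            continue
        if not m["path"].startswith("/authentication/"):
            continue
        host = redirect_host(m["location"])
        if host is None or host in local_hosts:
            continue  # stayed on this deployment
        hits.append({"ip": m["ip"], "time": m["ts"],
                     "path": m["path"], "redirect_host": host})
    return hits


if __name__ == "__main__":
    for hit in find_external_redirects(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['path']} -> {hit['redirect_host']}")
```

Run it against a real log by replacing SAMPLE_LOG with the file's lines; a non-empty result after the 4.10.2 upgrade means the redirect validation is not in effect at the path logged.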