CVE-2025-44109

5.4 MEDIUM

📋 TL;DR

CVE-2025-44109 is an open redirect vulnerability (CWE-601) in Pinokio v3.6.23: the application's URL handling redirects the browser to an attacker-supplied destination without validating it, so anyone who can get a user to open a specially crafted link can send that user to an arbitrary external site. Every user of the vulnerable version who follows such a link is affected. The usual payoff for an attacker is a phishing page that impersonates the application or a site that distributes malware.

💻 Affected Systems

Products:
  • Pinokio
Versions: v3.6.23 (the version named in the CVE description; NVD records no version range, see below)
Operating Systems: All platforms running Pinokio
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability lies in the application's URL handling, where a redirect destination taken from the request is followed without being checked against the application's own origin. It affects every installation of the named version regardless of configuration.
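The following is an added example, not Pinokio's code: it shows the pattern behind an open redirect and a hardened replacement. The endpoint shape (a query parameter carrying the destination), the application origin http://localhost:42000 and the probe inputs are all assumptions made for illustration; the real Pinokio endpoint and parameter are not documented on this page.

```javascript
// Added example (not Pinokio's code). Assumed: a redirect endpoint that takes
// the destination from a query parameter, and an app origin of
// http://localhost:42000 (constructed for illustration).
const APP_ORIGIN = "http://localhost:42000"; // assumed, not a documented Pinokio value

// Vulnerable pattern (CWE-601): the untrusted value goes straight into the
// Location header, so absolute URLs, protocol-relative "//host" values and
// non-http schemes are all honoured.
function vulnerableRedirectTarget(to) {
  return to; // i.e. res.writeHead(302, { Location: to })
}

// Hardened pattern: resolve the value against the app origin and accept it
// only if the result still belongs to that origin. Returns the absolute URL
// to redirect to, or null when the request must be refused (fall back to "/").
function safeRedirectTarget(to, appOrigin = APP_ORIGIN) {
  if (typeof to !== "string" || to.length === 0 || to.length > 2048) return null;
  // Control characters and raw backslashes are classic bypasses: browsers
  // normalise "\" to "/" in the authority, turning "/\evil" into "//evil".
  // Reject rather than try to normalise.
  if (/[\u0000-\u001f\u007f\\]/.test(to)) return null;
  let resolved;
  try {
    resolved = new URL(to, appOrigin); // relative paths resolve to the app origin
  } catch (err) {
    return null; // unparseable input is never a valid destination
  }
  // Only http(s) is acceptable; this also rejects javascript: and data: URLs.
  if (resolved.protocol !== "http:" && resolved.protocol !== "https:") return null;
  // Scheme, host and port must all match; comparing origins covers all three,
  // so "user@evil.example" and "localhost:42000.evil.example" tricks fail.
  if (resolved.origin !== new URL(appOrigin).origin) return null;
  return resolved.href;
}

// Constructed probe list: the first two and the last are legitimate same-origin
// targets, the rest are typical open-redirect payloads.
const PROBES = [
  "/dashboard",
  "/dashboard?next=1#top",
  "https://evil.example/login",
  "//evil.example/login",
  "/\\evil.example",
  "javascript:alert(1)",
  "http://localhost:42000@evil.example/",
  "http://localhost:42000.evil.example/",
  "HTTP://LOCALHOST:42000/ok",
];

// Runs every probe through both handlers so the difference is visible side by side.
function probeRedirects(probes = PROBES) {
  return probes.map((to) => ({
    input: to,
    vulnerable: vulnerableRedirectTarget(to),
    hardened: safeRedirectTarget(to),
  }));
}

console.log(JSON.stringify(probeRedirects(), null, 2));
```

The origin comparison is the important part: checking only that the string "starts with /" or "contains localhost" is exactly what the protocol-relative and userinfo probes above are designed to slip past.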

⚠️ Manual Verification Required

This CVE does not have machine-readable version information in our database, so automatic vulnerability detection cannot determine whether your system is affected.

Why? The CVE description names v3.6.23, but the NVD entry carries no version range or CPE match, so there is nothing for an automated scanner to compare your installation against.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check the Pinokio project's release notes and security advisories for your specific version
  3. Test the redirect behaviour in your own installation: supply an external URL as the redirect destination and confirm whether the application sends the browser there
  4. Update to the latest version as a precaution, and repeat the test afterwards, since no fixed version is recorded

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users are redirected to convincing phishing sites that harvest credentials or deliver malware, leading to account compromise or system infection.

🟠 Likely Case

Users are redirected to phishing pages that attempt to capture login credentials or personal information.

🟢 If Mitigated

Mitigation here is only partial: user awareness training and browser security controls (safe-browsing lists, URL filtering) reduce the chance that a redirected user interacts with the malicious page, but they do not stop the application from issuing the redirect.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept details are reported to be public, and an open redirect needs nothing more than a crafted link delivered to a user, so exploitation is straightforward for an unauthenticated attacker.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is currently available. Monitor the Pinokio project for security updates and apply them when released.

🔧 Temporary Workarounds

Disable or Uninstall Pinokio

Platform: all

Remove the vulnerable software until a patch is available, using the same mechanism you installed it with (the application's own uninstaller, or your system package manager where one was used). Example package-manager commands; the package name depends on how it was installed:

sudo apt remove pinokio
brew uninstall pinokio

Network Filtering

Platform: all

Block or alert on browser traffic that follows a redirect from the Pinokio origin to an external domain. This only helps where users' browser traffic passes through a proxy or secure web gateway that can see the redirect; it does nothing for a redirect the application issues directly to a browser on the same host.

🧯 If You Can't Patch

  • Implement web application firewall rules that reject redirect parameters pointing outside the application's own origin (absolute URLs to other hosts, protocol-relative //host values, non-http schemes)
  • Educate users about phishing risks and train them to verify URLs before clicking

🔍 How to Verify

Check if Vulnerable:

Check whether the installed version is 3.6.23, the version named in the CVE, either in the application's own version display or, if your installation provides a command-line launcher, with the command below (the launcher name may differ).

Check Version:

pinokio --version

Verify Fix Applied:

No fixed version is recorded on this page, so a version number later than 3.6.23 does not by itself prove the issue is resolved. After updating, repeat the redirect test with an external destination and confirm the application no longer sends the browser there.

📡 Detection & Monitoring

Log Indicators:

  • Redirect responses from the application whose destination is a host other than the application's own origin
  • Failed or unusual authentication attempts shortly after users followed a redirect from the application

Network Indicators:

  • HTTP 3xx responses from the Pinokio application whose Location header points to an external domain (302 is the typical code, but alert on any 3xx)
  • Suspicious outbound connections from user hosts immediately after such a redirect

SIEM Query (Splunk-style pseudo-query; the source name and the status and dest_domain field names depend on your log format and must be adapted):

source="pinokio.log" status IN (301, 302, 303, 307, 308) NOT dest_domain IN ("localhost", "127.0.0.1")
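The detection logic above, run over constructed sample log lines, as an added example that is not part of this page or of the Pinokio project. The log line format, the application origin http://localhost:42000 and the allowlisted host updates.example are assumptions; adapt parseLine() to whatever your Pinokio instance or reverse proxy actually writes. It generalises the 302 indicator to any 3xx response carrying a Location header, and resolves relative and protocol-relative Location values the way a browser would before deciding whether the destination is external.

```javascript
// Added example (not Pinokio's code). Assumed: the log format below, the app
// origin, and the allowlist; all constructed for illustration.
const APP_ORIGIN = "http://localhost:42000"; // assumed application origin

// Hosts a redirect may legitimately land on: the app itself plus any vendor
// domain you choose to allow ("updates.example" is a stand-in).
const ALLOWED_HOSTS = new Set(["localhost", "127.0.0.1", "updates.example"]);

// Constructed sample log. Format: "<ts> <client> <status> <method> <path> <location-or-->"
const SAMPLE_LOG = [
  "2025-05-01T10:00:01Z 127.0.0.1 200 GET /dashboard -",
  "2025-05-01T10:00:02Z 127.0.0.1 302 GET /go?to=/settings /settings",
  "2025-05-01T10:00:03Z 127.0.0.1 302 GET /go?to=https://evil.example/login https://evil.example/login",
  "2025-05-01T10:00:04Z 127.0.0.1 302 GET /go?to=//evil.example/x //evil.example/x",
  "2025-05-01T10:00:05Z 127.0.0.1 301 GET /go?to=https://updates.example/ https://updates.example/",
  "2025-05-01T10:00:06Z 127.0.0.1 307 GET /go?to=http://localhost:42000@evil.example/ http://localhost:42000@evil.example/",
  "this line is not in the expected format at all",
];

const LINE_RE = /^(\S+) (\S+) (\d{3}) (\S+) (\S+) (\S+)$/;

// Parse one line into an event object, or null if it does not match the format.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return {
    ts: m[1],
    client: m[2],
    status: Number(m[3]),
    method: m[4],
    path: m[5],
    location: m[6] === "-" ? null : m[6],
  };
}

// Resolve the Location value as a browser would (relative to the app origin)
// and return the hostname it lands on, or null if it cannot be parsed.
function redirectHost(location) {
  try {
    return new URL(location, APP_ORIGIN).hostname;
  } catch (err) {
    return null;
  }
}

// A redirect is external when it is a 3xx with a Location whose resolved host
// is not on the allowlist. An unparseable Location is treated as external too,
// because a legitimate redirect target should always parse.
function isExternalRedirect(ev) {
  if (ev.status < 300 || ev.status > 399 || !ev.location) return false;
  const host = redirectHost(ev.location);
  return host === null || !ALLOWED_HOSTS.has(host);
}

// Scan a batch of lines and return the events that warrant an alert.
function findExternalRedirects(lines) {
  const hits = [];
  for (const line of lines) {
    const ev = parseLine(line);
    if (ev && isExternalRedirect(ev)) {
      hits.push({ ts: ev.ts, client: ev.client, path: ev.path, host: redirectHost(ev.location) });
    }
  }
  return hits;
}

console.log(JSON.stringify(findExternalRedirects(SAMPLE_LOG), null, 2));
```

Resolving the Location value before comparing hosts is what catches the protocol-relative "//evil.example/x" and the "localhost:42000@evil.example" userinfo trick; a naive substring check for "localhost" would pass both.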
