CVE-2025-47789

Severity: 6.1 (MEDIUM)

📋 TL;DR

This is an open redirect vulnerability in Horilla HRMS that allows attackers to craft URLs which, after a user logs in, redirect that user to an external malicious domain. Attackers can use this to build convincing phishing pages that impersonate Horilla. All users of Horilla HRMS versions up to and including 1.3 are affected.

💻 Affected Systems

Products:
  • Horilla HRMS
Versions: Up to and including version 1.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Users are redirected to sophisticated phishing sites that steal credentials, leading to full account compromise and potential data breaches.

🟠 Likely Case: Attackers create convincing phishing pages that harvest user credentials, leading to unauthorized access to HR systems.

🟢 If Mitigated: Users are redirected to suspicious external domains but recognize the phishing attempt before entering credentials.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking a crafted link) but is technically simple to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Post-commit 1c72404df6888bb23af73c767fdaee5e6679ebd6

Vendor Advisory: https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468

Restart Required: Yes

Instructions:

1. Update Horilla to the latest version after commit 1c72404df6888bb23af73c767fdaee5e6679ebd6.
2. Restart the Horilla application.
3. Verify the fix by testing URL redirection.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement server-side validation to reject URLs containing external domains in redirect parameters.

# Add validation logic in your application code to check redirect URLs
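One way to implement that server-side check, as an added example that is neither Horilla's own code nor the fix in the referenced commit: it assumes the redirect parameter is a Django-style `next` value and uses a constructed allow-list of hosts (`ALLOWED_HOSTS`), and it is plain Python so it runs without Django. It goes beyond a simple host comparison by also handling the protocol-relative, backslash and scheme-without-host spellings that browsers accept.

```python
from urllib.parse import urlsplit

# Constructed: the host[:port] values this Horilla deployment is served from
# (an assumption, not from the advisory). The whole netloc is compared, so
# add non-default ports explicitly, e.g. "hr.example.com:8443".
ALLOWED_HOSTS = {"hr.example.com"}


def is_safe_redirect(url: str, allowed_hosts: set[str] = ALLOWED_HOSTS) -> bool:
    """True only if `url` stays on this site: a site-relative path, or an
    http(s) URL whose host[:port] is in allowed_hosts."""
    url = url.strip()
    if not url:
        return False
    # Browsers treat '\' like '/', so validate both spellings; a value that
    # is unsafe in either form is rejected.
    for candidate in (url, url.replace("\\", "/")):
        if candidate.startswith("//"):
            return False  # protocol-relative URL: leaves the site
        try:
            parts = urlsplit(candidate)
        except ValueError:
            return False  # unparsable (e.g. malformed IPv6 literal)
        if parts.scheme and not parts.netloc:
            # e.g. 'https:evil.example', which browsers read as https://evil.example
            return False
        if parts.scheme and parts.scheme.lower() not in ("http", "https"):
            return False
        if parts.netloc and parts.netloc.lower() not in allowed_hosts:
            # Comparing the full netloc also rejects 'user@host' and port variants.
            return False
    return True


def resolve_redirect(requested: str, fallback: str = "/") -> str:
    """Pick the post-login target: the requested URL if it is safe, else fallback."""
    if requested and is_safe_redirect(requested):
        return requested
    return fallback
```

In a Django view the login handler would pass `request.GET.get("next", "")` to `resolve_redirect` and redirect to its return value; Django's own `django.utils.http.url_has_allowed_host_and_scheme` performs an equivalent check.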

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block requests with external domains in redirect parameters.
  • Educate users about phishing risks and train them to verify URLs before entering credentials.

🔍 How to Verify

Check if Vulnerable:

Test by creating a URL with an external redirect parameter and checking if it redirects after login.

Check Version:

Check Horilla version in admin panel or via application configuration files.

Verify Fix Applied:

After patching, test the same URL to confirm it no longer redirects to external domains.

📡 Detection & Monitoring

Log Indicators:

  • Unusual redirect patterns in application logs
  • Multiple failed login attempts followed by redirects to external domains

Network Indicators:

  • HTTP 302 redirects to external domains from Horilla login endpoints

SIEM Query:

source="horilla_logs" AND (url="*redirect=*http*" OR url="*redirect=*https*")
