CVE-2025-66025

4.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious links into Caido's Markdown renderer on the Findings page. When users click these links, they are redirected to attacker-controlled domains, enabling phishing attacks. Users of Caido versions before 0.53.0 are affected.

💻 Affected Systems

Products:
  • Caido
Versions: All versions prior to 0.53.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction (clicking links) and affects the Findings page where scanner/plugin results are displayed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Users are tricked into entering credentials on fake login pages, leading to credential theft and potential account compromise.

🟠 Likely Case: Users are redirected to malicious sites for phishing or malware distribution.

🟢 If Mitigated: No impact if users don't click suspicious links or if the application is patched.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to inject Markdown into findings, typically through scanner results or plugins.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.53.0

Vendor Advisory: https://github.com/caido/caido/security/advisories/GHSA-cf52-h5mw-gmc2

Restart Required: Yes

Instructions:

  1. Back up the current Caido configuration.
  2. Stop the Caido service.
  3. Update to version 0.53.0 or later.
  4. Restart the Caido service.

🔧 Temporary Workarounds

Disable external link rendering (applies to: all)

Configure Caido to not render external links in Markdown or require confirmation for all links.
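One way to implement the "do not render external links blindly" workaround, as an added example that is not Caido's own code: a pre-render pass over finding Markdown that keeps relative and trusted links, appends the real hostname to the visible text of external links so link text cannot disguise the destination, and strips links with non-http(s) schemes. The `classifyLink` and `hardenMarkdownLinks` names and the `trustedOrigins` list are assumptions.

```javascript
// Added example (not Caido's code): a pre-render pass over finding text that
// makes Markdown link destinations visible and drops non-http(s) schemes.
// Assumptions: findings are plain Markdown; trustedOrigins lists origins the
// team considers safe (e.g. the Caido instance itself).

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Classify a link target: "relative" (no scheme, stays on the app origin),
// "trusted", "external", or "blocked" (unparseable or disallowed scheme,
// which under this policy also covers mailto: and javascript:).
function classifyLink(href, trustedOrigins = []) {
  if (!/^[a-z][a-z0-9+.-]*:/i.test(href)) return "relative";
  let url;
  try {
    url = new URL(href);
  } catch {
    return "blocked";
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return "blocked";
  return trustedOrigins.includes(url.origin) ? "trusted" : "external";
}

// Rewrite [text](href) links: relative and trusted links pass through,
// external links get the real hostname appended to the visible text,
// blocked links keep their text but lose the href entirely.
function hardenMarkdownLinks(markdown, trustedOrigins = []) {
  const linkRe = /\[([^\]]*)\]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;
  return markdown.replace(linkRe, (match, text, href) => {
    switch (classifyLink(href, trustedOrigins)) {
      case "external":
        return `[${text} (external: ${new URL(href).hostname})](${href})`;
      case "blocked":
        return `${text} [link removed]`;
      default:
        return match;
    }
  });
}

// Constructed sample finding: the link text claims to be the Caido login
// while the destination is a different host.
const sampleFinding =
  "Re-authenticate at [Caido login](https://evil.example/login) to continue.";
console.log(hardenMarkdownLinks(sampleFinding, ["https://caido.local"]));
```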

User awareness training (applies to: all)

Train users to avoid clicking unexpected links in findings.

🧯 If You Can't Patch

  • Restrict access to Caido to trusted users only
  • Monitor for suspicious redirects in network logs

🔍 How to Verify

Check if Vulnerable:

Check the Caido version; if it is below 0.53.0, the installation is vulnerable.

Check Version:

caido --version or check Caido web interface

Verify Fix Applied:

Verify Caido version is 0.53.0 or higher and test that external links require confirmation.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected redirects from Caido application
  • Suspicious link clicks in user activity logs

Network Indicators:

  • Outbound connections to unknown domains after clicking Caido links

SIEM Query:

source="caido" AND (event="redirect" OR (url="*://*" AND NOT url="*://trusted-domain*"))
