CVE-2025-67713
📋 TL;DR
Miniflux 2 versions 2.2.14 and below contain an open redirect vulnerability that allows attackers to redirect users to malicious websites after login. The vulnerability occurs because protocol-relative URLs (like //attacker.com) pass the safety check, enabling phishing attacks. All users running vulnerable versions are affected.
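The check described above fails because a scheme-relative target such as `//attacker.com` has no scheme and so looks "relative" to a naive test, while every browser treats it as an absolute URL to another host. The Go snippet below is an added illustration, not Miniflux's own code: `naiveIsSafeRedirect` is an assumption about the class of check that lets such a value through (it asks only whether a scheme is present), and `isSafeLocalRedirect` is a hardened check that accepts only a same-origin path, rejecting `//host`, `///host` and the browser-normalised `/\host` form as well as anything that parses with a host.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveIsSafeRedirect models the class of check that lets "//host" through.
// Assumption of this example: it is not Miniflux's code, just the common
// mistake of asking only whether the target carries a scheme.
func naiveIsSafeRedirect(target string) bool {
	u, err := url.Parse(target)
	if err != nil {
		return false
	}
	// IsAbs is true only when a scheme is present, so the scheme-relative
	// "//attacker.example" parses with Host set but is still treated as local.
	return !u.IsAbs()
}

// isSafeLocalRedirect accepts only a same-origin path.
func isSafeLocalRedirect(target string) bool {
	// Exactly one leading "/": "//host" and "///host" are scheme-relative
	// to browsers, so test the raw value before any parsing normalises it.
	if !strings.HasPrefix(target, "/") || strings.HasPrefix(target, "//") {
		return false
	}
	// Browsers treat "\" as "/", so "/\host" would also leave the origin.
	if strings.Contains(target, "\\") {
		return false
	}
	u, err := url.Parse(target)
	if err != nil {
		return false
	}
	// After parsing there must be no scheme, authority or userinfo left.
	return u.Scheme == "" && u.Host == "" && u.User == nil
}

// resolveRedirect is what a post-login handler would call: honour the
// requested target only when it is local, otherwise fall back to a fixed page.
func resolveRedirect(target, fallback string) string {
	if isSafeLocalRedirect(target) {
		return target
	}
	return fallback
}

func main() {
	// Constructed sample targets, including the patterns a phishing link would carry.
	samples := []string{
		"/unread",
		"/feeds?x=1",
		"//attacker.example/login",
		"///attacker.example",
		`/\attacker.example`,
		"https://attacker.example/",
	}
	for _, s := range samples {
		fmt.Printf("%-28q naive=%-5v hardened=%-5v -> %s\n",
			s, naiveIsSafeRedirect(s), isSafeLocalRedirect(s), resolveRedirect(s, "/"))
	}
}
```

The raw-prefix test runs before `url.Parse` on purpose: Go's parser turns `///attacker.example` into an empty authority plus a path, so a check that looked only at the parsed `Host` would pass it, while browsers collapse the extra slashes and go to the attacker's host.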
💻 Affected Systems
- Miniflux 2
📦 What is this software?
Miniflux by Miniflux Project
⚠️ Risk & Real-World Impact
Worst Case
Users are redirected to convincing phishing sites after logging into Miniflux, leading to credential theft, malware installation, or further social engineering attacks.
Likely Case
Attackers create phishing campaigns targeting Miniflux users, redirecting them to fake login pages or malicious sites to steal credentials or deliver malware.
If Mitigated
With proper user awareness training and browser security controls, users might recognize suspicious redirects, but the vulnerability still exists.
🎯 Exploit Status
Exploitation requires user interaction (clicking a crafted link) but is technically simple to implement.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2.15
Vendor Advisory: https://github.com/miniflux/v2/security/advisories/GHSA-wqv2-4wpg-8hc9
Restart Required: Yes
Instructions:
1. Backup your Miniflux installation and database.
2. Download version 2.2.15 from the official repository.
3. Replace the existing Miniflux files with the new version.
4. Restart the Miniflux service.
🔧 Temporary Workarounds
Disable redirect_url functionality
Modify the Miniflux configuration to disable or restrict redirect functionality if it is not needed.
Edit configuration file to remove or comment out redirect-related settings
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block protocol-relative URLs in redirect parameters.
- Educate users to verify URLs before entering credentials and to report suspicious redirects.
🔍 How to Verify
Check if Vulnerable:
Check the Miniflux version via the web interface or configuration file. If the version is 2.2.14 or lower, it is vulnerable.
Check Version:
Check the Miniflux web interface dashboard or examine the application version in configuration files.
Verify Fix Applied:
After updating, confirm version is 2.2.15 or higher and test redirect functionality with protocol-relative URLs.
📡 Detection & Monitoring
Log Indicators:
- Log entries showing redirects to external domains with protocol-relative URLs (starting with //)
- Unusual redirect patterns in authentication logs
Network Indicators:
- HTTP 302 redirect responses whose Location header is a protocol-relative URL (for example //attacker.com)
- Outbound connections to unexpected domains after login
SIEM Query:
web_logs status=302 AND url="*//*" AND user_agent="Miniflux*"
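The log and network indicators above boil down to one question per 3xx response: does the Location value leave the application's own origin? The Go scanner below is an added example, not part of the original page or of Miniflux; the log format (space-separated timestamp, client, method, path, status and Location, `-` when none was sent) and the application host `reader.internal` are constructed assumptions, and the sample lines are made up to exercise each pattern. It flags scheme-relative targets, the backslash variant and absolute URLs to a foreign host, and reports why each line matched.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample log (an assumption of this example, not Miniflux's real
// log format): timestamp client method path status location, space-separated,
// "-" when no Location header was sent.
const sampleLog = `2025-06-01T09:00:01Z 10.0.0.5 POST /login 302 /unread
2025-06-01T09:00:07Z 10.0.0.9 POST /login 302 //attacker.example/login
2025-06-01T09:00:09Z 10.0.0.9 POST /login 302 /\attacker.example
2025-06-01T09:01:00Z 10.0.0.5 GET /feed/1 200 -
2025-06-01T09:02:30Z 10.0.0.7 POST /login 302 https://attacker.example/
2025-06-01T09:03:00Z 10.0.0.7 POST /login 302 https://reader.internal/unread`

type redirectHit struct {
	Time, Client, Location, Reason string
}

// leavesOrigin reports whether a Location value sends the browser away from
// appHost, and which pattern matched.
func leavesOrigin(location, appHost string) (bool, string) {
	switch {
	case strings.HasPrefix(location, "//"):
		return true, "scheme-relative"
	case strings.HasPrefix(location, `/\`):
		return true, "backslash"
	}
	u, err := url.Parse(location)
	if err != nil {
		return true, "unparseable"
	}
	if u.Host != "" && !strings.EqualFold(u.Host, appHost) {
		return true, "external host"
	}
	return false, ""
}

// findSuspiciousRedirects scans 3xx responses and keeps those whose Location
// leaves the application's own host.
func findSuspiciousRedirects(logText, appHost string) []redirectHit {
	var hits []redirectHit
	for _, line := range strings.Split(logText, "\n") {
		f := strings.Fields(line)
		if len(f) != 6 {
			continue // malformed line, skip
		}
		status, loc := f[4], f[5]
		if !strings.HasPrefix(status, "3") || loc == "-" {
			continue // not a redirect
		}
		if bad, why := leavesOrigin(loc, appHost); bad {
			hits = append(hits, redirectHit{Time: f[0], Client: f[1], Location: loc, Reason: why})
		}
	}
	return hits
}

func main() {
	for _, h := range findSuspiciousRedirects(sampleLog, "reader.internal") {
		fmt.Printf("%s %s -> %s (%s)\n", h.Time, h.Client, h.Location, h.Reason)
	}
}
```

Run against the constructed sample it reports the three lines that leave `reader.internal` and stays quiet on the local `/unread` redirect and on the absolute URL that points back at the application's own host; the same classifier is what a SIEM rule should express rather than matching only on `//`.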