CVE-2025-64781
MEDIUMDescription
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website when accessing a specially crafted URL.
Is your site exposed to CVE-2025-64781?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| groupsession | groupsession |
| groupsession | groupsession |
| groupsession | groupsession |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-64781? +
How severe is CVE-2025-64781? +
What products are affected by CVE-2025-64781? +
How do I check if I'm vulnerable to CVE-2025-64781? +
Related Vulnerabilities
CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when …
An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default …
Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by …
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific …
Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the …
A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel …