CVE-2025-11222: Central Dogma's Login Function Has an Open Redirect Vulnerability

December 4, 2025

Successful exploitation of this vulnerability could allow an attacker to craft a malicious link that, when clicked by a victim, redirects them to a phishing website designed to mimic the legitimate Central Dogma login page. This could result in the compromise of user accounts and unauthorized access to the Central Dogma instance.

References

github.com/advisories/GHSA-4hr2-xf7w-jf76
github.com/line/centraldogma
github.com/line/centraldogma/commit/95e7bbd77266493e4ec70b670bd91fa3e3289de0
github.com/line/centraldogma/pull/1207
github.com/line/centraldogma/security/advisories/GHSA-4hr2-xf7w-jf76
nvd.nist.gov/vuln/detail/CVE-2025-11222

Code Behaviors & Features

Detect and mitigate CVE-2025-11222 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →