CVE-2025-67502: Open Redirect Vulnerability in Taguette

December 9, 2025 (updated December 10, 2025)

An Open Redirect vulnerability exists in Taguette that allows attackers to craft malicious URLs that redirect users to arbitrary external websites after authentication. This can be exploited for phishing attacks where victims believe they are interacting with a trusted Taguette instance but are redirected to a malicious site designed to steal credentials or deliver malware.

Severity: Medium to High

References

github.com/advisories/GHSA-5923-r76v-mprm
github.com/remram44/taguette
github.com/remram44/taguette/commit/67de2d2612e7e2572c61cd9627f89c2bfd0f2a36
github.com/remram44/taguette/security/advisories/GHSA-5923-r76v-mprm
nvd.nist.gov/vuln/detail/CVE-2025-67502

Code Behaviors & Features

Detect and mitigate CVE-2025-67502 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →