{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T11:17:39.155","vulnerabilities":[{"cve":{"id":"CVE-2025-71244","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-02-19T16:27:12.507","lastModified":"2026-06-17T10:03:56.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridden to function in AJAX mode. It is not mitigated by the SPIP security screen."},{"lang":"es","value":"SPIP anterior a 4.4.5 y 4.3.9 permite una redirección abierta a través del formulario de inicio de sesión cuando se utiliza en modo AJAX. Un atacante puede crear una URL maliciosa que, cuando es visitada por una víctima, la redirige a un sitio externo arbitrario después de iniciar sesión. Esta vulnerabilidad solo afecta a los sitios donde la página de inicio de sesión ha sido sobrescrita para funcionar en modo AJAX. 
No es mitigada por la pantalla de seguridad de SPIP."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"SPIP","product":"SPIP","defaultStatus":"unaffected","versions":[{"version":"4.3.0","lessThan":"4.3.9","versionType":"semver","status":"affected"},{"version":"4.4.0","lessThan":"4.4.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C
:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-19T17:22:48.824000Z","id":"CVE-2025-71244","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.9","matchCriteriaId":"8E0B5F82-18DF-425B-BA3B-169EDDBCC363"},{"vulnerable":true,"criteria":"cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.5","matchCriteriaId":"0D5269D7-E0BC-4216-839C-D786F1E2F6A2"}]}]}],"references":[{"url":"https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-4-5.html","source":"disclosure@vulncheck.com","tags":["Broken Link"]},{"url":"https://git.spip.net/spip/spip","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.vulncheck.com/advisories/spip-open-redirect-via-login-form","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}}]}