How severe is CVE-2025-30164?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.1 out of 10.

What type of vulnerability is CVE-2025-30164?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2025-30164 - MEDIUM Severity | CVSS 4.1

Vulnerability Description

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available.

Related Vulnerabilities

CVE-2023-34247

MEDIUM

CVSS:4.1(Medium)

Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users ...

CWE-6012023

CVE-2024-32078

MEDIUM

CVSS:4.1(Medium)

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212.

CWE-6012024

CVE-2019-11269

MEDIUM

CVSS:4.2(Medium)

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector att...

CWE-6012019

CVE-2022-1230

LOW

CVSS:3.9(Low)

This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-p...

CWE-6012022

CVE-2018-11784

MEDIUM

CVSS:4.3(Medium)

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/fo...

CWE-6012018

CVE-2018-5304

MEDIUM

CVSS:4.3(Medium)

An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web applic...

CWE-6012018