CVE-2025-10229: Open Redirect in Freshwork
A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.3 will fix this issue. You should upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-10229 is an open redirect vulnerability identified in Freshwork versions up to and including 1.2.3. The vulnerability resides in the /api/v2/logout endpoint, specifically in the handling of the post_logout_redirect_uri parameter. An attacker can manipulate this parameter to redirect users to arbitrary external URLs after logout, effectively enabling an open redirect attack. This vulnerability can be exploited remotely without requiring authentication or privileges, and only requires user interaction in the form of clicking a crafted link or being redirected.

The CVSS 4.0 base score is 5.3 (medium severity), reflecting that the attack vector is network-based, with low attack complexity, no privileges required, but requiring user interaction. The impact on confidentiality and availability is minimal, but integrity is slightly impacted due to potential phishing or social engineering attacks leveraging the redirect. The vendor has released version 1.2.3 to address this issue, though the description notes that versions up to 1.2.3 are affected, which may indicate that the fix is in a later patch or that 1.2.3 is the fixed version. The vendor did not respond to early disclosure attempts. No known exploits are currently in the wild, but public disclosure increases the risk of exploitation.

Open redirect vulnerabilities can be leveraged in phishing campaigns to bypass URL filters and trick users into visiting malicious sites under the guise of a trusted domain, potentially leading to credential theft or malware delivery. Given the nature of Freshwork as a software product (likely a SaaS or web-based platform), this vulnerability could be used to target users of the platform or customers of organizations using Freshwork services.
Potential Impact
For European organizations using Freshwork, this vulnerability poses a moderate risk primarily through social engineering and phishing attacks. Attackers could craft URLs that appear to originate from a legitimate Freshwork domain but redirect users to malicious sites, undermining user trust and potentially leading to credential compromise or malware infections. This could impact organizations' confidentiality and integrity of user data indirectly. While the vulnerability does not allow direct system compromise or data leakage, the reputational damage and potential downstream impacts from successful phishing could be significant, especially for organizations handling sensitive or regulated data under GDPR. Additionally, sectors with high reliance on Freshwork for customer relationship management or support workflows may experience operational disruptions if users are wary of interacting with logout or session management flows. The lack of vendor responsiveness may delay patch adoption, increasing exposure time. Overall, the impact is moderate but should not be underestimated given the potential for exploitation in targeted phishing campaigns.
Mitigation Recommendations
1. Immediate upgrade to the fixed version of Freshwork beyond 1.2.3 if available, or confirm with the vendor the exact patched version to ensure the vulnerability is remediated.
2. Implement web application firewall (WAF) rules to detect and block suspicious redirect parameters, especially those that point to external domains not whitelisted.
3. Educate users and administrators about the risk of phishing attacks leveraging open redirects, emphasizing caution when clicking logout or session-related links.
4. Monitor logs for unusual redirect parameter usage or spikes in logout endpoint access patterns that could indicate exploitation attempts.
5. If possible, modify application logic to validate and restrict post_logout_redirect_uri parameters to a set of trusted internal URLs only.
6. Employ URL filtering and email security solutions to detect and block phishing emails containing malicious redirect links.
7. Engage with the vendor or community to confirm patch status and timelines, and consider alternative solutions if vendor support remains unresponsive.
8. Conduct regular security assessments and penetration tests focusing on redirect and session management endpoints to detect similar issues proactively.
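The two defensive recommendations that can be implemented directly, allowlist validation of post_logout_redirect_uri (item 5) and log review for off-allowlist values (item 4), are shown together below. This is an added example written for this page; it is not Freshwork's code and says nothing about how Freshwork's /api/v2/logout handler is actually written. The endpoint path and parameter name come from the advisory; the host allowlist, the function names, the access-log format and the log lines are constructed for illustration. The validator also covers the usual bypasses a naive "starts with /" check misses (protocol-relative URLs, backslashes, userinfo in the authority, non-http schemes), which goes beyond what the advisory itself describes.

```python
"""Allowlist validation for a post-logout redirect parameter, plus a log
check for off-allowlist values. Added example, not Freshwork code: the
host names, log format and log lines below are constructed."""
from urllib.parse import parse_qs, urlsplit

# Hosts the application is willing to send a user to after logout
# (constructed allowlist; a real deployment would load it from config).
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
DEFAULT_AFTER_LOGOUT = "/login"


def is_safe_redirect(uri: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for same-site relative paths or absolute http(s) URLs
    whose host is on the allowlist; everything else is rejected."""
    uri = (uri or "").strip()
    if not uri:
        return False
    # Browsers treat a backslash like a forward slash in URLs, so "/\evil"
    # would be navigated as "//evil" (protocol-relative, external).
    # Normalise before parsing so the check sees what the browser sees.
    normalised = uri.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: require exactly one leading slash so that
        # "//host/..." (no scheme, external host) does not slip through.
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, ftp: and similar
    # .hostname is lowercased and stripped of userinfo and port, so
    # "https://app.example.com@evil.example/" resolves to evil.example.
    return parts.hostname in allowed_hosts


def resolve_post_logout_redirect(uri: str, allowed_hosts=ALLOWED_HOSTS,
                                 default=DEFAULT_AFTER_LOGOUT) -> str:
    """Value a logout handler should put in its Location header: the
    requested URI if it passes the allowlist, otherwise a fixed default."""
    return uri.strip() if is_safe_redirect(uri, allowed_hosts) else default


def find_offsite_redirects(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Scan access-log lines (constructed format: "<ip> <method> <target>
    <status>") for logout requests whose post_logout_redirect_uri fails the
    allowlist. Returns (client_ip, offending_uri) pairs for follow-up."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        path, _, query = fields[2].partition("?")
        if path != "/api/v2/logout":
            continue
        # parse_qs percent-decodes, so encoded "@" or "//" tricks are
        # evaluated in their decoded form, as the browser would see them.
        for value in parse_qs(query).get("post_logout_redirect_uri", []):
            if not is_safe_redirect(value, allowed_hosts):
                hits.append((fields[0], value))
    return hits


# Constructed sample log: two benign logouts, two off-allowlist targets,
# and one unrelated request.
SAMPLE_LOG = [
    "10.0.0.5 GET /api/v2/logout?post_logout_redirect_uri=%2Flogin 302",
    "10.0.0.6 GET /api/v2/logout?post_logout_redirect_uri=https%3A%2F%2Fapp.example.com%2Fbye 302",
    "198.51.100.7 GET /api/v2/logout?post_logout_redirect_uri=https%3A%2F%2Fapp.example.com%40evil.example%2F 302",
    "198.51.100.8 GET /api/v2/logout?post_logout_redirect_uri=%2F%2Fevil.example%2Fphish 302",
    "10.0.0.9 GET /api/v2/tickets 200",
]

if __name__ == "__main__":
    for ip, uri in find_offsite_redirects(SAMPLE_LOG):
        print(f"off-allowlist post_logout_redirect_uri from {ip}: {uri}")
```

The validator deliberately parses with urlsplit rather than matching the string against the allowlist, because string prefix checks are where open-redirect fixes usually fail: "https://app.example.com.evil.example" starts with the trusted origin and "https://app.example.com@evil.example" contains it, yet both land on evil.example. A WAF rule (item 2) can apply the same host test to the decoded parameter value before the request reaches the application.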
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-10T12:42:20.381Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68c1f88d12193b50d301108e
Added to database: 9/10/2025, 10:15:41 PM
Last enriched: 9/10/2025, 10:30:40 PM
Last updated: 9/10/2025, 10:30:40 PM
Views: 2
Related Threats
CVE-2025-10234: Cross Site Scripting in Scada-LTS (Medium)
CVE-2025-10233: Path Traversal in kalcaddle kodbox (Medium)
CVE-2025-10232: Path Traversal in 299ko (Medium)
CVE-2025-10218: SQL Injection in lostvip-com ruoyi-go (Medium)
CVE-2025-10216: Race Condition in GrandNode (Low)