CVE-2025-2418: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in TR7 Cyber Defense Inc. Web Application Firewall
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117.
AI Analysis
Technical Summary
This vulnerability (CWE-601) in TR7 Cyber Defense Inc.'s Web Application Firewall allows an attacker to craft URLs that redirect users to untrusted external sites. Affected versions include 4.30 prior to 1.4.0.117. The vulnerability is classified as an Open Redirect, which can facilitate phishing by misleading users into visiting malicious websites. The CVSS v3.1 base score is 4.3, reflecting a medium severity with low impact on confidentiality and no impact on integrity or availability. The vulnerability requires no privileges and no user interaction to be triggered remotely over an adjacent network.
Potential Impact
The primary impact is the potential facilitation of phishing attacks through URL redirection to untrusted sites. There is limited impact on confidentiality, integrity, or availability of the Web Application Firewall itself. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or temporary fix is provided in the available data, users should monitor the vendor's communications for updates. Until a fix is available, caution should be exercised when handling URLs generated by the affected versions to avoid phishing risks.
CVE-2025-2418: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in TR7 Cyber Defense Inc. Web Application Firewall
Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-601) in TR7 Cyber Defense Inc.'s Web Application Firewall allows an attacker to craft URLs that redirect users to untrusted external sites. Affected versions include 4.30 prior to 1.4.0.117. The vulnerability is classified as an Open Redirect, which can facilitate phishing by misleading users into visiting malicious websites. The CVSS v3.1 base score is 4.3, reflecting a medium severity with low impact on confidentiality and no impact on integrity or availability. The vulnerability requires no privileges and no user interaction to be triggered remotely over an adjacent network.
Potential Impact
The primary impact is the potential facilitation of phishing attacks through URL redirection to untrusted sites. There is limited impact on confidentiality, integrity, or availability of the Web Application Firewall itself. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or temporary fix is provided in the available data, users should monitor the vendor's communications for updates. Until a fix is available, caution should be exercised when handling URLs generated by the affected versions to avoid phishing risks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- TR-CERT
- Date Reserved
- 2025-03-17T13:47:09.401Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699306bfd1735ca7315a65f0
Added to database: 2/16/2026, 11:59:59 AM
Last enriched: 5/8/2026, 1:48:41 AM
Last updated: 5/20/2026, 6:33:45 AM
Views: 151
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.