
CVE-2025-4143: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Medium
Vulnerability | CVE-2025-4143 | CWE-601
Published: Thu May 01 2025 (05/01/2025, 00:19:52 UTC)
Source: CVE

Description

The OAuth implementation in workers-oauth-provider, part of the MCP framework (https://github.com/cloudflare/workers-mcp), did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration.

Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/26

Impact: Under certain circumstances (see below), if a victim had previously authorized with a server built on workers-oauth-provider, and an attacker could later trick the victim into visiting a malicious web site, then the attacker could potentially steal the victim's credentials to the same OAuth server and subsequently impersonate them. In order for the attack to be possible, the OAuth server's authorized callback must be designed to auto-approve authorizations that appear to come from an OAuth client that the victim has authorized previously. The authorization flow is not implemented by workers-oauth-provider; it is up to the application built on top to decide whether to implement such automatic re-authorization. However, many applications do implement such logic.

Note: It is a basic, well-known requirement that OAuth servers should verify that the redirect URI is among the allowed list for the client, both during the authorization flow and subsequently when exchanging the authorization code for an access token. workers-oauth-provider implemented only the latter check, not the former. Unfortunately, the former is the much more important check. Readers who are familiar with OAuth may recognize that failing to check redirect URIs against the allowed list is a well-known, basic mistake, covered extensively in the RFC and elsewhere. The author of this library would like everyone to know that he was, in fact, well-aware of this requirement, thought about it a lot while designing the library, and then, somehow, forgot to actually make sure the check was in the code. That is, it's not that he didn't know what he was doing, it's that he knew what he was doing but flubbed it.

AI-Powered Analysis

AI analysis last updated: 06/25/2025, 20:27:46 UTC

Technical Analysis

CVE-2025-4143 is classified as CWE-601 (URL Redirection to Untrusted Site, commonly known as an 'Open Redirect') and affects the OAuth implementation in the workers-oauth-provider component of Cloudflare's MCP framework. The OAuth server fails to validate that the redirect_uri parameter supplied in the authorization request is on the list of redirect URIs registered for the client application. workers-oauth-provider does validate redirect_uri during the token exchange, but not during the initial authorization request, and the authorization-time check is the one that matters most: by the time the code is exchanged, the authorization response has already been sent to whatever redirect_uri the request named.

This omission allows an attacker to craft an authorization URL that sends the victim to an attacker-controlled site after OAuth authorization, potentially enabling credential theft or session hijacking. The scenario requires that the victim has previously authorized an OAuth client on the vulnerable server and that the server's authorization logic auto-approves re-authorizations from previously authorized clients without explicit user interaction. The workers-oauth-provider library does not implement this auto-approval logic itself, but many applications built on top of it do, which increases the exposure. An attacker who lures the victim to such a URL can abuse the open redirect to obtain the victim's OAuth credentials and impersonate them on the OAuth server.

This is a fundamental OAuth security flaw: the OAuth specification mandates strict validation of redirect URIs precisely to prevent this class of attack. The flaw was introduced by a coding oversight despite the author's awareness of the requirement. The CVSS 4.0 score is 6.0 (medium severity), reflecting a network attack vector, high attack complexity, partial user interaction, and high impact on confidentiality. No known exploits are currently reported in the wild. The vulnerability was published on May 1, 2025, and fixed in a subsequent pull request on the GitHub repository.

Potential Impact

For European organizations using the MCP framework's workers-oauth-provider for OAuth authorization, this vulnerability can lead to significant security risks. Attackers exploiting this flaw could steal OAuth credentials, enabling unauthorized access to sensitive resources and services protected by OAuth tokens. This can result in data breaches, unauthorized transactions, and impersonation of legitimate users, undermining trust and compliance with data protection regulations such as GDPR. The impact is particularly severe for organizations relying on automated or streamlined OAuth flows that implement auto-approval of previously authorized clients, as this increases the likelihood of successful exploitation. Additionally, compromised OAuth tokens can be leveraged to pivot within enterprise networks, potentially affecting confidentiality and integrity of critical systems. The medium CVSS score reflects that exploitation requires user interaction and high attack complexity, but the confidentiality impact is high. Given the widespread adoption of OAuth in web services, the vulnerability poses a moderate but tangible threat to European enterprises, especially those in sectors like finance, healthcare, and government that rely heavily on OAuth for secure authentication and authorization.

Mitigation Recommendations

1. Immediately upgrade to the patched version of workers-oauth-provider that includes the fix for redirect_uri validation during the authorization request phase. Monitor the official GitHub repository for the latest updates.
2. Audit all OAuth server implementations built on workers-oauth-provider to ensure that redirect_uri validation is enforced both during authorization requests and token exchanges.
3. Disable or carefully review any auto-approval logic for OAuth re-authorizations so that explicit user consent is required, reducing the risk of automated token theft.
4. Implement strict allowlists for redirect URIs and enforce exact matching rather than pattern-based or partial matching.
5. Conduct penetration testing and code reviews focused on OAuth flows to detect similar misconfigurations or logic flaws.
6. Educate developers and security teams about OAuth best practices, emphasizing the critical nature of redirect URI validation.
7. Deploy web application firewalls (WAFs) with rules to detect and block suspicious OAuth redirect patterns.
8. Monitor OAuth authorization logs for unusual redirect_uri parameters or repeated authorization attempts from the same client.
9. For organizations unable to patch immediately, consider temporarily disabling OAuth clients that rely on workers-oauth-provider or restricting access to trusted networks until remediation is complete.
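The following is an added example, not code from workers-oauth-provider or the fix in PR #26, showing the two checks the Description and the Technical Analysis describe: exact-match validation of redirect_uri against the client's registered allowlist at the authorization endpoint (the missing check) and again at code exchange (the check the library already had). The client registry, the client id "mcp-client-1" and the callback URL are constructed sample values; the `handleAuthorizationRequest` and `checkTokenExchange` names are this example's own. The point it demonstrates is ordering: an unregistered redirect_uri is rejected with an error shown to the user before any redirect is issued and before any "previously authorized, auto-approve" logic can run.

```typescript
// Added example (not the library's code): redirect_uri allowlist enforcement
// at both OAuth checkpoints, with exact string matching (mitigation item 4).

interface ClientRegistration {
  clientId: string;
  // Exact strings recorded at client registration time.
  redirectUris: string[];
}

// Constructed sample registry standing in for the server's real client store.
const CLIENTS: Record<string, ClientRegistration> = {
  "mcp-client-1": {
    clientId: "mcp-client-1",
    redirectUris: ["https://app.example.com/oauth/callback"],
  },
};

// Exact match only: no prefix, suffix, host-only or pattern comparison, and no
// URL parsing/normalisation that could make two different strings compare equal.
function isAllowedRedirectUri(client: ClientRegistration, redirectUri: string): boolean {
  return client.redirectUris.includes(redirectUri);
}

type AuthzOutcome =
  // Rendered to the user as an error page; the server must NOT redirect here.
  | { kind: "error"; status: number; reason: string }
  // Safe to continue to the consent screen (or the app's own re-authorization logic).
  | { kind: "prompt"; clientId: string; redirectUri: string };

// Authorization endpoint entry point (hypothetical name). Validation of
// client_id and redirect_uri happens first, so that auto-approval of a
// previously authorized client can never operate on an unregistered URI.
function handleAuthorizationRequest(
  query: URLSearchParams,
  clients: Record<string, ClientRegistration> = CLIENTS,
): AuthzOutcome {
  const clientId = query.get("client_id");
  const redirectUri = query.get("redirect_uri");
  if (!clientId || !redirectUri) {
    return { kind: "error", status: 400, reason: "missing client_id or redirect_uri" };
  }
  const client = clients[clientId];
  if (!client) {
    return { kind: "error", status: 400, reason: "unknown client_id" };
  }
  if (!isAllowedRedirectUri(client, redirectUri)) {
    // Per RFC 6749 section 4.1.2.1, an invalid redirect_uri is reported to the
    // resource owner directly; the user agent is never redirected to it.
    return { kind: "error", status: 400, reason: "redirect_uri not registered for client" };
  }
  return { kind: "prompt", clientId, redirectUri };
}

// What the server binds to an authorization code when it issues one.
interface IssuedCode {
  clientId: string;
  redirectUri: string;
}

// Token endpoint check (hypothetical name): the redirect_uri presented at code
// exchange must equal the one the code was issued for, and the client must match.
function checkTokenExchange(code: IssuedCode, clientId: string, redirectUri: string): boolean {
  return code.clientId === clientId && code.redirectUri === redirectUri;
}

// Convenience for the reader: classify a raw query string in one call.
function authorizationOutcomeKind(rawQuery: string): AuthzOutcome["kind"] {
  return handleAuthorizationRequest(new URLSearchParams(rawQuery)).kind;
}
```

The deliberate choice here is plain string equality rather than parsing both URLs and comparing components: a component-wise comparison invites accidental acceptance of URIs that differ in path, port, userinfo or fragment, and exact matching is what the mitigation list calls for.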


Technical Details

Data Version: 5.1
Assigner Short Name: cloudflare
Date Reserved: 2025-04-30T16:36:33.506Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682d9839c4522896dcbeca8a

Added to database: 5/21/2025, 9:09:13 AM

Last enriched: 6/25/2025, 8:27:46 PM

Last updated: 7/29/2025, 4:13:04 PM

