The vulnerability identified as CVE-2025-49325 affects Automattic's Newspack Newsletters plugin, specifically versions up to 3.13.0. It is classified as an 'Open Redirect' vulnerability, where the application improperly validates URLs before redirecting users, enabling redirection to untrusted external sites. This can be leveraged by attackers to conduct phishing attacks by misleading users into visiting malicious websites. The CVSS 3.1 vector indicates the attack can be performed remotely without privileges, requires user interaction, and impacts confidentiality with a medium severity score of 4.7. No patch or remediation information is currently provided.

The primary impact is the potential facilitation of phishing attacks through malicious URL redirection. Confidentiality may be partially impacted if users are tricked into divulging sensitive information on attacker-controlled sites. There is no direct impact on integrity or availability reported. No known active exploitation has been documented.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when clicking on URLs generated by the affected Newspack Newsletters versions. Monitoring for updates from Automattic regarding patches or mitigations is recommended.