CVE-2025-59426: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in lobehub lobe-chat
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL based on the X-Forwarded-Host or Host headers and the X-Forwarded-Proto value. In deployments where a reverse proxy forwards client-supplied X-Forwarded-* headers to the origin as-is, or where the origin trusts them without validation, an attacker can inject an arbitrary host and trigger an open redirect that sends users to a malicious domain. This issue has been patched in version 1.130.1.
AI Analysis
Technical Summary
CVE-2025-59426 is an open redirect vulnerability (CWE-601) identified in the open-source AI chat framework lobe-chat, specifically in versions prior to 1.130.1. The vulnerability arises from improper handling of OpenID Connect (OIDC) redirect URLs. The affected versions construct the host and protocol of the final redirect URL based on HTTP headers such as X-Forwarded-Host, Host, and X-Forwarded-Proto without adequate validation. In deployment scenarios where a reverse proxy forwards client-supplied X-Forwarded-* headers directly to the origin server, or where the origin server trusts these headers without verification, an attacker can manipulate these headers to inject an arbitrary host. This leads to an open redirect condition where users are redirected to malicious external domains. Exploiting this vulnerability requires no authentication but does require user interaction, as the victim must follow the crafted redirect link. The vulnerability has a CVSS v3.1 base score of 4.3, indicating medium severity, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This means the attack can be performed remotely over the network with low attack complexity, no privileges required, but user interaction is necessary. The impact primarily affects integrity by potentially enabling phishing or social engineering attacks through malicious redirects, but it does not directly compromise confidentiality or availability. The issue was patched in version 1.130.1 of lobe-chat, which implements proper validation of redirect URLs to prevent injection of untrusted hosts.
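The header-derived redirect base described above, shown as an added example that is not lobe-chat's own code: a vulnerable builder that trusts `X-Forwarded-Host` and `X-Forwarded-Proto` as received, next to a hardened builder that prefers a statically configured origin and otherwise checks the host against an allowlist, plus a same-origin check for a post-login return path. `APP_URL`, `TRUSTED_HOSTS`, the function names and the hostnames are assumptions constructed for the example.

```javascript
// Added example (not lobe-chat's own code): how a header-derived redirect base
// goes wrong, and a hardened alternative. Names, hosts and paths are assumptions.

// Canonical public origin, as an operator would set it in configuration
// (hypothetical setting; constructed value).
const APP_URL = 'https://chat.example.com';
// Hostnames this deployment is actually served on (constructed allowlist).
const TRUSTED_HOSTS = new Set(['chat.example.com', 'chat-staging.example.com']);

// Headers are modelled as a plain object with lowercase keys, the shape Node's
// IncomingMessage.headers exposes.
function firstHeaderValue(headers, name) {
  const raw = headers[name];
  if (raw === undefined) return undefined;
  // X-Forwarded-* values may be comma-joined across proxy hops; take the first.
  return String(raw).split(',')[0].trim();
}

// Vulnerable pattern: the redirect origin is whatever the request claims.
function redirectBaseVulnerable(headers) {
  const host = firstHeaderValue(headers, 'x-forwarded-host') ?? firstHeaderValue(headers, 'host');
  const proto = firstHeaderValue(headers, 'x-forwarded-proto') ?? 'https';
  return `${proto}://${host}`;
}

// Hardened pattern: use the configured origin when one is set; otherwise accept
// the request host only if it is on the allowlist, and only http/https as scheme.
function redirectBaseHardened(headers, { appUrl = APP_URL, trustedHosts = TRUSTED_HOSTS } = {}) {
  if (appUrl) return new URL(appUrl).origin;
  const host = (firstHeaderValue(headers, 'x-forwarded-host')
    ?? firstHeaderValue(headers, 'host')
    ?? '').toLowerCase();
  if (!trustedHosts.has(host)) {
    throw new Error(`untrusted host in request: ${JSON.stringify(host)}`);
  }
  const proto = firstHeaderValue(headers, 'x-forwarded-proto') === 'http' ? 'http' : 'https';
  return `${proto}://${host}`;
}

// Resolve a post-login return path against the base and refuse anything that
// leaves the base origin: absolute URLs, protocol-relative '//host' forms and
// backslash variants, which the WHATWG URL parser normalises to a new authority.
function safeReturnUrl(returnTo, base, fallback = '/') {
  const baseOrigin = new URL(base).origin;
  let resolved;
  try {
    resolved = new URL(returnTo, base);
  } catch {
    return `${baseOrigin}${fallback}`;
  }
  if (resolved.origin !== baseOrigin) return `${baseOrigin}${fallback}`;
  return resolved.href;
}

// Stand-alone demonstration with a constructed request carrying a forged header.
const forged = { host: 'chat.example.com', 'x-forwarded-host': 'evil.example' };
console.log('vulnerable :', redirectBaseVulnerable(forged));   // follows the forged header
console.log('hardened   :', redirectBaseHardened(forged));     // configured origin wins
console.log('return url :', safeReturnUrl('//evil.example/login', APP_URL)); // falls back to '/'
```

The design point is that the application should never need the request to tell it where it lives: a configured origin removes the header from the decision entirely, and the allowlist fallback exists only for deployments that genuinely serve several hostnames. Comparing `origin` after parsing, rather than string-prefix matching, is what makes the return-path check robust against the protocol-relative and backslash forms.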
Potential Impact
For European organizations using lobe-chat versions prior to 1.130.1, this vulnerability poses a risk of redirecting users to malicious websites controlled by attackers. This can facilitate phishing attacks, credential theft, or distribution of malware by exploiting user trust in the legitimate lobe-chat service. While the vulnerability does not directly allow data exfiltration or system compromise, the indirect consequences can be significant, especially in sectors handling sensitive data such as finance, healthcare, and government. The open redirect can undermine user confidence and potentially lead to regulatory scrutiny under GDPR if user data is compromised through subsequent attacks. Additionally, organizations relying on OIDC for authentication flows may see their authentication processes abused to redirect users to fraudulent login pages, increasing the risk of credential harvesting. Since exploitation requires user interaction, the threat is more likely to be realized through targeted phishing campaigns or social engineering. However, the widespread use of AI chat frameworks in customer-facing applications and internal tools means the attack surface could be broad. The medium severity score reflects these considerations, emphasizing the importance of patching to maintain trust and security posture.
Mitigation Recommendations
1. Immediately upgrade all lobe-chat deployments to version 1.130.1 or later, which contains the patch that properly validates redirect URLs and prevents injection of arbitrary hosts.
2. Review and harden reverse proxy configurations to ensure that client-supplied X-Forwarded-* headers are either sanitized or not blindly forwarded to origin servers. Implement strict header validation and filtering at the proxy level.
3. Implement allowlists for redirect URLs within the application to restrict redirection targets to trusted domains only.
4. Monitor logs for unusual redirect patterns or unexpected external URL redirections that could indicate exploitation attempts.
5. Educate users and administrators about the risks of open redirects and phishing attacks, emphasizing caution when clicking on links that trigger redirects.
6. Conduct security assessments and penetration tests focusing on authentication flows and redirect handling to identify any residual or similar vulnerabilities.
7. If immediate patching is not feasible, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block suspicious redirect attempts based on header anomalies.
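Recommendation 4 asks for log monitoring; the following added example (not part of the advisory or of lobe-chat) scans structured access-log lines for the two signals this class of bug leaves behind: a request that arrived with an `X-Forwarded-Host` outside the allowlist, and a 3xx response whose `Location` points at a host outside the allowlist. The JSON line format, field names (`xfh`, `location`), the hostnames and every log value are constructed for the example; a real deployment would map its own proxy or application log fields onto them.

```javascript
// Added detection example (not part of the advisory or lobe-chat). The log
// format and all values below are constructed for illustration.
const TRUSTED_HOSTS = new Set(['chat.example.com']);

// Constructed log: one JSON record per line, as a reverse proxy or the app
// might emit. "xfh" is the inbound X-Forwarded-Host, "location" the response's
// Location header (null when absent).
const SAMPLE_LOG = [
  '{"ts":"2025-09-25T14:00:01Z","method":"GET","path":"/oidc/auth","host":"chat.example.com","xfh":null,"status":302,"location":"https://chat.example.com/oidc/callback"}',
  '{"ts":"2025-09-25T14:00:02Z","method":"GET","path":"/oidc/auth","host":"chat.example.com","xfh":"evil.example","status":302,"location":"https://evil.example/oidc/callback"}',
  '{"ts":"2025-09-25T14:00:03Z","method":"GET","path":"/chat","host":"chat.example.com","xfh":null,"status":200,"location":null}',
  '{"ts":"2025-09-25T14:00:04Z","method":"GET","path":"/oidc/auth","host":"chat.example.com","xfh":"chat.example.com","status":302,"location":"/login"}',
  'this line is not json',
].join('\n');

// Hostname of an absolute Location value; relative redirects stay on-origin
// and yield null, as does anything the URL parser rejects.
function hostOf(location) {
  if (!location) return null;
  try {
    return new URL(location).hostname.toLowerCase();
  } catch {
    return null;
  }
}

function parseLine(line) {
  try {
    return JSON.parse(line);
  } catch {
    return null;
  }
}

// Returns one finding per (line, reason). Unparseable lines are reported too,
// so a format change in the log source does not silently blind the check.
function scanRedirectLog(text, trustedHosts = TRUSTED_HOSTS) {
  const findings = [];
  text.split('\n').forEach((line, idx) => {
    const rec = parseLine(line);
    if (!rec) {
      findings.push({ line: idx + 1, reason: 'unparseable' });
      return;
    }
    const reasons = [];
    if (rec.xfh && !trustedHosts.has(String(rec.xfh).split(',')[0].trim().toLowerCase())) {
      reasons.push('untrusted-x-forwarded-host');
    }
    if (rec.status >= 300 && rec.status < 400) {
      const target = hostOf(rec.location);
      if (target && !trustedHosts.has(target)) reasons.push('redirect-to-untrusted-host');
    }
    for (const reason of reasons) {
      findings.push({ line: idx + 1, reason, xfh: rec.xfh, location: rec.location });
    }
  });
  return findings;
}

// Count findings by reason, a convenient shape for an alert threshold.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.reason] = (counts[f.reason] || 0) + 1;
  return counts;
}

// Stand-alone run over the constructed log.
console.log(scanRedirectLog(SAMPLE_LOG));
console.log(summarize(scanRedirectLog(SAMPLE_LOG)));
```

After the upgrade, the `redirect-to-untrusted-host` signal should disappear entirely, while `untrusted-x-forwarded-host` remains useful on its own: it shows whether the reverse proxy is still passing client-supplied forwarding headers through to the origin, which recommendation 2 is meant to stop.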
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-15T19:13:16.905Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 9/25/2025, 2:04:04 PM
Last enriched: 9/25/2025, 2:04:47 PM
Last updated: 9/29/2025, 12:09:24 AM