The vulnerability identified as CVE-2025-60151 exists in the WP Gravity Forms HubSpot plugin by CRM Perks, specifically versions up to 1.2.5. It is an Open Redirect flaw where the application improperly validates URLs before redirecting users, enabling attackers to craft URLs that redirect victims to malicious external sites. This can facilitate phishing attacks by exploiting user trust in the legitimate site. The CVSS 3.1 base score is 4.7 (medium), with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and limited confidentiality impact. No patch or vendor advisory is currently provided, and no exploits are known in the wild.

The primary impact is the potential for phishing attacks due to the ability to redirect users to untrusted sites. There is no direct impact on data confidentiality, integrity, or availability. The vulnerability could be used to deceive users into visiting malicious websites, potentially leading to credential theft or other social engineering outcomes. However, the vulnerability itself does not enable direct system compromise or data breach.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution when clicking on URLs generated by the affected plugin. Monitoring for updates from CRM Perks regarding a patch is recommended. No vendor advisory or official fix information is currently available.