The vulnerability identified as CVE-2025-62981 affects the CRM Perks WP Gravity Forms Zoho CRM and Bigin plugin up to version 1.2.8. It is an Open Redirect issue where the plugin improperly handles URL redirection, allowing attackers to redirect users to malicious external websites. This can be leveraged in phishing campaigns to deceive users into visiting untrusted sites. The CVSS 3.1 base score is 4.7, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, user interaction required, and partial impact on confidentiality. The vulnerability is published and tracked by Patchstack but no patch or fix links are available yet.

Successful exploitation of this vulnerability can lead to users being redirected to malicious websites, increasing the risk of phishing attacks. There is no direct impact on system integrity or availability reported. Confidentiality impact is low, as the vulnerability does not itself disclose sensitive information but may facilitate social engineering attacks.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with URLs generated by the affected plugin and consider implementing additional URL validation or user warnings for redirects. Monitoring for updates from CRM Perks regarding patches is recommended.